General
Target: b1d8a3f59acf0ff87a7254825344ea794aacbbcdd5802b1ee71d55b55828af1b
Size: 740KB
Sample: 220520-3y83qshgd3
MD5: 7d887c80e95e282523b129ac7810d7bb
SHA1: b5392958880f848918e6e667fa3927b828392761
SHA256: b1d8a3f59acf0ff87a7254825344ea794aacbbcdd5802b1ee71d55b55828af1b
SHA512: e277a35769a046bdfee813f6faf5921ae1ccc3b1d1b25d5f32db779426a6299761da7c85b43387ba3ba4622dd0bf1acb3eb3e33921e37c2926c1eb47009f0ed9
Static task: static1
Behavioral task: behavioral1
  Sample: New Order.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: New Order.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: [email protected]
Password: connect
Targets
Target: New Order.exe
Size: 680KB
MD5: 8b8285fa83c422b6b412be5d03c6ffa2
SHA1: 156d5c6789406b42946d01ff9924b157731142dd
SHA256: 397430a16d115d42056de1dca482e0fd9290ce8cbe6c45a614cac0fc85983a72
SHA512: 3c7a9815ad44d6f94abe26cbc41dbc986df1a9ae9d6435b166375316667c5999b222d9160c9bbf2554fa888d550cddfbe9c9ea099e2603993cc9ee14c72dc89a
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. The extracted configuration above shows its exfiltration channel for this sample: SMTP submission to smtp.privateemail.com on port 587 with the hard-coded mailbox credentials.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (the stealer may refuse to run in certain locales).
Accesses Microsoft Outlook profiles
Reads the stored Outlook account profiles, where mail server settings and saved credentials live; this is the mail-client credential theft Agent Tesla is known for.
Adds Run key to start application
Persistence: writes a Run registry value so the payload is relaunched at logon.
Suspicious use of SetThreadContext
SetThreadContext on another process's suspended thread is the last step of process hollowing; combined with the .NET loader stage this indicates the payload is injected into a hollowed host process rather than running as New Order.exe itself.
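The extracted configuration, the payload hashes and the signatures above give a SOC three concrete things to hunt for: the file hash of New Order.exe, a Run-key persistence write, and outbound SMTP submission to smtp.privateemail.com:587 from a process that is not a mail client. The following Python is an added example, not part of the sandbox report or of any tooling behind it. It normalises the report's values into an indicator list and runs a small detection pass over Sysmon-style event records; the event records, image paths and SID are constructed for the example, and the MAIL_CLIENTS allow-list is an assumption about which processes legitimately speak SMTP submission.

```python
"""Turn the report's extracted Agent Tesla config and payload hashes into
indicators, then run them over constructed Sysmon-style telemetry."""
from dataclasses import dataclass
import re

# Values copied from the report (extracted config and the Targets block).
EXTRACTED_CONFIG = {
    "family": "agenttesla",
    "protocol": "smtp",
    "host": "smtp.privateemail.com",
    "port": 587,
}
PAYLOAD_SHA256 = "397430a16d115d42056de1dca482e0fd9290ce8cbe6c45a614cac0fc85983a72"
PAYLOAD_MD5 = "8b8285fa83c422b6b412be5d03c6ffa2"

# Assumption for the example: processes allowed to use SMTP submission (587).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Matches the Run key that the "Adds Run key" signature refers to.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE
)


@dataclass
class Alert:
    rule: str
    detail: str


def indicators(cfg=EXTRACTED_CONFIG):
    """Flat IOC list suitable for a blocklist or a hunting query."""
    return [
        {"type": "sha256", "value": PAYLOAD_SHA256},
        {"type": "md5", "value": PAYLOAD_MD5},
        {"type": "domain", "value": cfg["host"]},
        {"type": "net", "value": f"{cfg['protocol']}://{cfg['host']}:{cfg['port']}"},
    ]


def detect(events, cfg=EXTRACTED_CONFIG):
    """Apply three checks to Sysmon-like records:
    id 1  (process create)  -> known payload hash
    id 13 (registry set)    -> Run-key persistence
    id 3  (network connect) -> SMTP submission to the C2 host, or from a non-mail client
    """
    alerts = []
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        if ev["id"] == 1 and ev.get("sha256", "").lower() == PAYLOAD_SHA256:
            alerts.append(Alert("known_payload_hash", ev["image"]))
        elif ev["id"] == 13 and RUN_KEY_RE.search(ev.get("target", "")):
            alerts.append(Alert("run_key_persistence", ev["target"]))
        elif ev["id"] == 3 and ev.get("dst_port") == cfg["port"]:
            where = f"{image} -> {ev.get('dst_host')}:{ev['dst_port']}"
            if ev.get("dst_host", "").lower() == cfg["host"]:
                alerts.append(Alert("c2_smtp_host", where))
            elif image not in MAIL_CLIENTS:
                alerts.append(Alert("smtp_from_non_mail_client", where))
    return alerts


# Constructed telemetry for the example (not from the sandbox run).
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Users\alice\Downloads\New Order.exe",
     "sha256": PAYLOAD_SHA256},
    {"id": 13, "image": r"C:\Users\alice\Downloads\New Order.exe",
     "target": "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\New Order"},
    {"id": 3, "image": r"C:\Users\alice\Downloads\New Order.exe",
     "dst_host": "smtp.privateemail.com", "dst_port": 587},
    # Benign: a real mail client talking to its own provider on 587.
    {"id": 3, "image": r"C:\Program Files\Microsoft Office\root\Office16\outlook.exe",
     "dst_host": "smtp.office365.com", "dst_port": 587},
]

if __name__ == "__main__":
    for ioc in indicators():
        print(f"{ioc['type']:7} {ioc['value']}")
    for a in detect(SAMPLE_EVENTS):
        print(f"ALERT {a.rule}: {a.detail}")
```

The benign Outlook connection on 587 produces no alert because its image is in the allow-list and its destination is not the configured host; drop that allow-list entry and the same record fires smtp_from_non_mail_client, which is the trade-off to tune in a real environment.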