General
Target: 62b9250ebf657059d88e790e8d34edfba396803f281a100f98750da66da568b2
Size: 508KB
Sample: 220521-aqp1nsdefq
MD5: c3616e3b946a00605bc82fb768c9800a
SHA1: bfd8456454618c88f902c030797fd4328f5a5022
SHA256: 62b9250ebf657059d88e790e8d34edfba396803f281a100f98750da66da568b2
SHA512: b5025c8e8a28b7222f4f362ac8111a61316d3fdaf9dbcd466617f9937e2bf08338334e98aef2efe79df758fb8e00057930437a4fe2bb15b7bb7b167a7f8dfccd
Static task: static1
Behavioral task: behavioral1
Sample: NEW_ORDRE-98767-Doc.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW_ORDRE-98767-Doc.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp; Host: mail.privateemail.com; Port: 587; Username: [email protected]; Password: valid247
Targets
Target: NEW_ORDRE-98767-Doc.exe
Size: 636KB
MD5: 457e31b0c58ec283e411bd1bf59ba773
SHA1: ba1e592cbe4ed8a696cd8480fe8e6a2a4f467f51
SHA256: fddde2c8eef8500b27534730d7d921de40a507d1531488a8ee278fc93ce422db
SHA512: 9e1336f9a554778ea94be0d30b2ca411ad05c61c9e895e5dc2fbd307e94b743969b17cb8d96b3c57a9cc98334465f9805180311b6dbcddc0da5fa51efc46d261
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext