General
Target: 4093c7ea8074372cfdef4478cfba0566f602cceef573dbe10785ea8758b68d1b
Size: 852KB
Sample: 220521-ayq8psbac3
MD5: ebf49dc35d5359e53b1add56b70ec990
SHA1: d3f4e0ed375f775b6edefe22febe4647fb565e31
SHA256: 4093c7ea8074372cfdef4478cfba0566f602cceef573dbe10785ea8758b68d1b
SHA512: 830cb31aeb859d0fd2dd2fed65c90f01265943b1b0546dc1b302c737f596ef5ca1ff92e8540d459479fdbd8d5e85224e9997c2683a653f2d3f64f0881c2f82d8
Static task: static1
Behavioral task: behavioral1
Sample: Attached New Order.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Attached New Order.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: WS!jmys8
Targets
Target: Attached New Order.exe
Size: 792KB
MD5: bc44a359ab4cbde140b9f72c02c5bc95
SHA1: 4a5605eaea799b59309864cf9ceeb65a36efdc42
SHA256: 5a460f4dffeba9df56bfda908e0570f0b80dfe92c18262d71dffd6067d552353
SHA512: cd6a3c4dea2ff68bd6a79c0ffd914f95308e91b587ad3d3e595aa78e8cde4754549ce7e5cefaf55b9d8ad68777181a898f132c2589fb73da2054418909dc5918
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext