General
Target: 94e91ad6b157ff4b58f751649473fce3c7cd77e2b402e9be5e562ad57c65d72f
Size: 1.2MB
Sample: 220521-b1py4acgg4
MD5: 56b5d92336b44befa1d56d2e6d444693
SHA1: cd947ba8314e74ad70b4e1b604327aa1b610a3bf
SHA256: 94e91ad6b157ff4b58f751649473fce3c7cd77e2b402e9be5e562ad57c65d72f
SHA512: af682d27bcb2219d9ba835fdb6c7146a13060244daa0f595b65b65ff9144ffb9981a981a0e5cc824f2289f57d7e5ea55530ae299c52860c2523c3f29870cad4d

Static task
static1

Behavioral task
behavioral1
Sample: NEW_ORDE.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: NEW_ORDE.exe
Resource: win10v2004-20220414-en
Malware Config
agenttesla

Extracted
Protocol: smtp
Host: mail.orientalkuwait.com
Port: 587
Username: [email protected]
Password: Operatingmanager1&

Extracted
Protocol: smtp
Host: mail.orientalkuwait.com
Port: 587
Username: [email protected]
Password: Operatingmanager1&
Targets

Target: NEW_ORDE.PIF
Size: 407KB
MD5: 5cac1e716627b5caea7e65c9f52afa59
SHA1: 0d0407e5a5949d4413ad30521a2c312f3afd509c
SHA256: 63e22190be3afdf47f1f752c5a112347410849f3dccd0f0a7319dc8e6a405b39
SHA512: 7cc910c403c6d2005e58ed080a16b694a0ed8744242fde39e52b999de241c0a71b483bc990604971fb2898fba74c43a3d4f3e61784a74b03b4f679679f931f0d
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext