General
- Target: 0f3b045b74c3d2363231efd2d41ee3bb8bc8b9cf718126f85c734efcd4980a7b
- Size: 381KB
- Sample: 220521-d16b7abffk
- MD5: 9c0c3500a3fcd53fd967c74b14a40205
- SHA1: 05480de89168c8432fbcd28a0bd201fa32fd470e
- SHA256: 0f3b045b74c3d2363231efd2d41ee3bb8bc8b9cf718126f85c734efcd4980a7b
- SHA512: bb3bc3f52b52f074c4f7091f806ded1ea6f35b0ca1b38dcc96d5e01a78289a6c6625099e6ffcc1ae43bdeddb97ed6b895f23d00f062ef44be27c0099436581c5
Static task
- static1
Behavioral task
- behavioral1
  Sample: New Order.exe
  Resource: win7-20220414-en
Behavioral task
- behavioral2
  Sample: New Order.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: venus.worldindia.com
- Port: 587
- Username: sales@elastoring.com
- Password: mumoff$2007
Targets
- Target: New Order.exe
- Size: 404KB
- MD5: 12d6e0c658c94a9e7580ffaf418bdf5b
- SHA1: 6fc0a6bcae4bfff04aa503b3da152a94f10403b8
- SHA256: 5a280ac4b15b1c6ed5a6c96c88d99c681574bd8a363ee386e69bffe62b995e6e
- SHA512: 655f66a0b929bee48cb0e44d68e74fe61c50a38ab56ce03452b1918572d9968edb976f030bc5bac7c17c2df5c6ad857dcbf2e3b9564968d471b4163ecab9177b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
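The CoreEntity signature describes a payload stored as a Bitmap resource and decrypted at load. The script below is an added example, not code from this report nor CoreEntity's or Agent Tesla's own routines: it shows how an analyst can carve the pixel bytes out of a dumped BMP resource and brute-force a single-byte XOR key by looking for the MZ and PE\0\0 markers. Everything about the cipher is an assumption, since the report does not say what CoreEntity uses; so are the BMP layout assumptions (uncompressed bitmap, payload written row by row in stored order). The bitmap and the PE-looking stub are constructed inside the script so it runs offline.

```python
"""Carve and decrypt a payload hidden in a BMP resource (added example, not the
packer's or the sandbox's own code).

Assumptions, labelled because the report does not state them:
  * the resource is an uncompressed 8/24/32-bpp BMP and the payload occupies
    the pixel area row by row in stored order (row padding stripped);
  * the payload is a PE encrypted with a single-byte XOR key (a stand-in for
    whatever cipher CoreEntity actually uses).
The BMP and the fake PE below are constructed here for the demo.
"""
import struct

# ---- constructed sample: a PE-looking stub, not a real binary ---------------
FAKE_PE = bytearray(b"MZ" + b"\x90" * 0x3A)   # DOS header up to e_lfanew (0x3C bytes)
FAKE_PE += struct.pack("<I", 0x40)             # e_lfanew -> 0x40
FAKE_PE += b"PE\0\0" + bytes(range(256))       # NT signature + filler
FAKE_PE = bytes(FAKE_PE)
SAMPLE_KEY = 0x5A                              # assumed single-byte XOR key


def xor_bytes(buf: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in buf)


def build_bmp(payload: bytes, width: int, bpp: int = 24) -> bytes:
    """Pack raw bytes into an uncompressed BMP the way a packer might (rows padded to 4 bytes)."""
    row_bytes = width * (bpp // 8)
    stride = (row_bytes + 3) & ~3
    height = -(-len(payload) // row_bytes)     # ceiling division
    pixels = bytearray()
    for r in range(height):
        row = payload[r * row_bytes:(r + 1) * row_bytes].ljust(row_bytes, b"\0")
        pixels += row + b"\0" * (stride - row_bytes)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp, 0,
                       len(pixels), 2835, 2835, 0, 0)
    file_hdr = struct.pack("<2sIHHI", b"BM", 14 + 40 + len(pixels), 0, 0, 14 + 40)
    return file_hdr + info + bytes(pixels)


def bmp_pixel_bytes(data: bytes) -> bytes:
    """Return the pixel area of an uncompressed BMP with per-row padding removed."""
    if data[:2] != b"BM":
        raise ValueError("not a BMP")
    pixel_offset = struct.unpack_from("<I", data, 10)[0]
    _, width, height, _, bpp, compression = struct.unpack_from("<IiiHHI", data, 14)
    if compression != 0 or bpp not in (8, 24, 32):
        raise ValueError("only uncompressed 8/24/32-bpp BMPs are handled")
    row_bytes = width * (bpp // 8)
    stride = (row_bytes + 3) & ~3
    out = bytearray()
    for r in range(abs(height)):               # negative height = top-down; order is irrelevant here
        start = pixel_offset + r * stride
        out += data[start:start + row_bytes]
    return bytes(out)


def recover_pe(blob: bytes):
    """Brute-force a single-byte XOR key; return (key, plaintext) when MZ and PE\\0\\0 line up, else None."""
    if len(blob) < 0x40:
        return None
    for key in range(256):
        if blob[0] ^ key != 0x4D or blob[1] ^ key != 0x5A:   # 'M', 'Z'
            continue
        cand = xor_bytes(blob, key)
        e_lfanew = struct.unpack_from("<I", cand, 0x3C)[0]
        if e_lfanew + 4 <= len(cand) and cand[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return key, cand                    # trailing row padding is still attached; trim via the section table
    return None


def demo():
    """Round trip: hide the stub in a 5-px-wide bitmap, carve it back out, recover the key."""
    bmp = build_bmp(xor_bytes(FAKE_PE, SAMPLE_KEY), width=5)
    key, pe = recover_pe(bmp_pixel_bytes(bmp))
    return key, pe[:len(FAKE_PE)] == FAKE_PE


if __name__ == "__main__":
    print(demo())                               # (90, True)
```

On a real sample the bitmap would be dumped from the assembly's managed resources (for instance with a .NET resource extractor) and fed to `bmp_pixel_bytes`; if no single-byte key produces the MZ/PE pair, the packer is using something other than the XOR stand-in assumed here and the decryption routine has to be read out of the loader.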