General
-
Target
b0f3f6fecd086efd860a923393b133eb7de79979d083dca16dd728999f8a7448
-
Size
497KB
-
Sample
220521-m4tx1agbbn
-
MD5
8f4786d2f9d31ccda873ad70da0792bd
-
SHA1
8f95a2e060077ee201a0dd87d95f7918f81c3086
-
SHA256
b0f3f6fecd086efd860a923393b133eb7de79979d083dca16dd728999f8a7448
-
SHA512
08682bc58d80e8cff63b3c4b05d29512e450e452a6505e3e8eebabb59a1039792814dcc60c5f6caed6acd833376b00b45a51319469a0d4debdbd0eee1b13dd37
Static task
static1
Behavioral task
behavioral1
Sample
New Order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
New Order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.megaworldcorps.com - Port:
587 - Username:
[email protected] - Password:
UBx@@re1
Targets
-
-
Target
New Order.exe
-
Size
797KB
-
MD5
3496b55b6fd286d65ea8f2c6115fba1d
-
SHA1
27bc8cefa41099568b30512a5f7e16e708b878d1
-
SHA256
c9322c62a7cf6690a698de9305d72e972b1ce5b83889433be20cbc99c1107132
-
SHA512
55a1577e428ed62e7e980e0dcbdf2e5da6caff9a72f232ecacafdcb19f244bb9b5feb204f6801e9a15779a07b3ff3aa49db9512446296e7806f373e278a3dc56
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-