General
Target: f9bef5e8759c927c71b53da0187db4c7ffe0c2f30f48544dff43a37e968d386a
Size: 470KB
Sample: 220521-mxrjascfc3
MD5: 23fc03fcf4569652082e880f955ca692
SHA1: 83a82a6a3dd8674f76547d63ccbd9291e684f161
SHA256: f9bef5e8759c927c71b53da0187db4c7ffe0c2f30f48544dff43a37e968d386a
SHA512: a8d699fe55102db39dacca37568831c2b0ad8d11c7744989a972328206b3a964394977e882a030ee84323b7a8e06d505d0651e04a7f59dd00befc4f34be70613
Static task: static1
Behavioral task: behavioral1
  Sample: New Order_75869.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: New Order_75869.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: aboyo54
The same configuration was extracted twice with identical values and is shown once. This is the stealer's exfiltration channel: harvested credentials are sent as mail through the configured account, so the host:port pair and the mailbox are the actionable indicators (block the destination, report the account to the provider; do not log in to it).
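The detection a practitioner would build from the extracted configuration, as an added example that is not part of the sandbox report: the sandbox's flattened "Key: value - Key: value" string is parsed into indicators, then constructed Sysmon-style network-connection events (Event ID 3 fields, not real telemetry) are scanned for processes other than known mail clients reaching the configured SMTP host and port. The `KNOWN_MAIL_CLIENTS` allow-list and the event line format are assumptions of this example.

```python
"""Added example (not part of the sandbox report): turn the extracted AgentTesla
SMTP configuration into indicators and run them over constructed
Sysmon-style network-connection events to flag likely exfiltration."""
import re
from dataclasses import dataclass
from typing import List, Optional

# The configuration string exactly as the report prints it (the username is
# redacted on the page; the placeholder is kept as-is).
EXTRACTED_CONFIG = (
    "Protocol: smtp- Host: mail.privateemail.com - Port: 587 "
    "- Username: [email protected] - Password: aboyo54"
)

# Assumption: processes allowed to speak SMTP submission. Tune per environment.
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# 'Key: value - Key: value' as the sandbox prints it. A value containing
# ' - Host:' etc. would confuse this; sandbox output does not do that.
_FIELD_RE = re.compile(
    r"(Protocol|Host|Port|Username|Password):\s*(.*?)\s*"
    r"(?=-\s*(?:Host|Port|Username|Password):|$)"
)

# Constructed Sysmon Event ID 3 (network connection) fields, one event per line.
_EVENT_RE = re.compile(
    r"Image:\s*(?P<image>.+?)\s*\|\s*DestinationHostname:\s*(?P<host>\S+)"
    r"\s*\|\s*DestinationPort:\s*(?P<port>\d+)"
)


@dataclass(frozen=True)
class NetConn:
    image: str
    dest_host: str
    dest_port: int


def parse_extracted_config(text: str) -> dict:
    """Parse the sandbox's flattened config line into a dict with an int port."""
    cfg = {key.lower(): value for key, value in _FIELD_RE.findall(text)}
    cfg["port"] = int(cfg["port"])
    return cfg


def parse_event(line: str) -> Optional[NetConn]:
    """Parse one constructed network-connection log line; None if it does not match."""
    m = _EVENT_RE.search(line)
    if m is None:
        return None
    return NetConn(m["image"], m["host"].lower(), int(m["port"]))


def find_exfil(lines: List[str], cfg: dict, known_clients=KNOWN_MAIL_CLIENTS) -> List[NetConn]:
    """Return connections to the configured SMTP host:port made by any
    process that is not an expected mail client."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev.dest_host != cfg["host"].lower() or ev.dest_port != cfg["port"]:
            continue
        exe = ev.image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if exe in known_clients:
            continue
        hits.append(ev)
    return hits


# Constructed events: the sample itself, a legitimate Outlook session to the
# same server, unrelated browsing, and a copy of the stealer dropped under
# AppData (hostname in upper case to show the comparison is case-insensitive).
SAMPLE_EVENTS = [
    "Image: C:\\Users\\victim\\Downloads\\New Order_75869.exe | "
    "DestinationHostname: mail.privateemail.com | DestinationPort: 587",
    "Image: C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE | "
    "DestinationHostname: mail.privateemail.com | DestinationPort: 587",
    "Image: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe | "
    "DestinationHostname: www.google.com | DestinationPort: 443",
    "Image: C:\\Users\\victim\\AppData\\Roaming\\svchost.exe | "
    "DestinationHostname: MAIL.PRIVATEEMAIL.COM | DestinationPort: 587",
]

if __name__ == "__main__":
    config = parse_extracted_config(EXTRACTED_CONFIG)
    for hit in find_exfil(SAMPLE_EVENTS, config):
        print(f"possible AgentTesla exfil: {hit.image} -> {hit.dest_host}:{hit.dest_port}")
```

The allow-list is the weak point of this rule: the stealer commonly runs inside an injected host process rather than under its own file name, so the stronger signal is the destination itself, a consumer mail provider's submission port reached by a process that is not a mail client. Matching on the hostname requires DNS or proxy visibility; on raw NetFlow the server's resolved address would be used instead.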
Targets
Target: New Order_75869.exe
Size: 804KB
MD5: 402706f192df69d4bda8db49425a510f
SHA1: 05ed390c67b8fb9df6dd27ed58823fbc4b09cba2
SHA256: 04428691034f3f528edcfb3a87d8edb1ea37d2cba338657e29ebc857c2fa5a6b
SHA512: 65cb241dd4d6cd3608a496034bde076e35a3e1b22322c7735c9949a1aaffc9060b51132cc92835f1916cde02790fd24401a36438422ca988d53b7d6ae6d9afbe
- AgentTesla
  Agent Tesla is a .NET-based information stealer and remote access tool (RAT); this sample is configured to exfiltrate over SMTP (see Malware Config).
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  Reading stored Outlook profile data is consistent with the family's harvesting of saved mail credentials.
- Suspicious use of SetThreadContext
  SetThreadContext on another thread is a common step in process hollowing and similar injection, where the entry point of a suspended process is redirected to the injected payload; the report records the API use, not which process was targeted.