General
Target: aeca515b2b5ad615d49b0c0c057f41f0af190bb21fd77d92b126ad0ac05aad52
Size: 482KB
Sample: 220521-mygeqafgfq
MD5: 6b37723b3e1f42884346e486186c3b70
SHA1: 35013403bfb64f84680234de936b15bc9ea991f7
SHA256: aeca515b2b5ad615d49b0c0c057f41f0af190bb21fd77d92b126ad0ac05aad52
SHA512: fa0ac021575043ce6c908d348bfcbc16d60f4f9c93cf6f456b0cfed52e2a36e5ab540453115865e06ee51dd284c2ec5370503890082d88900a1f6bf1b99d2918
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER 2020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW ORDER 2020.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.bnb-spa.com
Port: 587
Username: [email protected]
Password: hope2020
Targets
Target: NEW ORDER 2020.exe
Size: 786KB
MD5: 48fb67150c7a3419c215f10c3e3d1304
SHA1: 826d2b9b5c66464def942721e019f8d0e3ce397e
SHA256: 1f1d87aaf919fc57a2e4498d3d54c8f9c724026b97b05747e1e6bdcccb51be46
SHA512: a31fc9ab965b6c9e9a50d37942825a069246d8e88683cb656258552216f2a29281ecfc39e2057519a61c4b5b3eb2a9321e9ff9550a6b37c8d4c6e825c94407e8
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP; this sample is configured for SMTP exfiltration using the mail server, port and account listed in the extracted config above.
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
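The extracted SMTP configuration and the behavioral signatures listed above can be turned directly into host-telemetry checks: a connection to the configured mail server, a Run key pointing at a user-writable path, a file dropped into the Startup folder, and a hash match against the listed samples. The Python below is an added example written for this page; it is not part of the sandbox report or of the AgentTesla sample. The key=value telemetry lines, their format and the mail-client allowlist are constructed for illustration (not real Sysmon or EDR output), and the mailbox username, which is obfuscated on the page, is deliberately not used as an indicator.

```python
"""Turn the IOCs from this AgentTesla report into simple host-telemetry checks."""
import re
from typing import Dict, List, Tuple

# C2 configuration as listed in the report. The mailbox username is obfuscated
# on the page, so only host and port are used for matching.
C2_HOST = "smtp.bnb-spa.com"
C2_PORT = 587

# SHA256 hashes listed in the report (outer sample and dropped "NEW ORDER 2020.exe").
KNOWN_SHA256 = {
    "aeca515b2b5ad615d49b0c0c057f41f0af190bb21fd77d92b126ad0ac05aad52",
    "1f1d87aaf919fc57a2e4498d3d54c8f9c724026b97b05747e1e6bdcccb51be46",
}

# Hypothetical allowlist: processes expected to talk to a mail submission port.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed telemetry in a simplified key=value form (hypothetical, not real
# Sysmon/EDR output). Quoted values may contain spaces.
SAMPLE_EVENTS = [
    'type=filehash image="C:\\Users\\victim\\Downloads\\NEW ORDER 2020.exe" '
    'sha256=1f1d87aaf919fc57a2e4498d3d54c8f9c724026b97b05747e1e6bdcccb51be46',
    'type=regset image="C:\\Users\\victim\\Downloads\\NEW ORDER 2020.exe" '
    'key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" '
    'value="NEW ORDER 2020" data="C:\\Users\\victim\\AppData\\Roaming\\NEW ORDER 2020.exe"',
    'type=filecreate image="C:\\Users\\victim\\Downloads\\NEW ORDER 2020.exe" '
    'path="C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NEW ORDER 2020.exe"',
    'type=netconn image="C:\\Users\\victim\\Downloads\\NEW ORDER 2020.exe" '
    'dst=smtp.bnb-spa.com dport=587 proto=tcp',
    # Benign: a real mail client talking to its own provider on the submission port.
    'type=netconn image="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe" '
    'dst=smtp.example.com dport=587 proto=tcp',
    # Benign: registry write outside the Run key.
    'type=regset image="C:\\Windows\\explorer.exe" '
    'key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced" '
    'value=Hidden data=1',
]

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value line; quoted values keep their spaces."""
    return {key: (unquoted or quoted) for key, quoted, unquoted in _KV.findall(line)}


def check_event(ev: Dict[str, str]) -> List[str]:
    """Return the names of report-derived indicators that this event matches."""
    hits: List[str] = []
    kind = ev.get("type", "")
    image = ev.get("image", "").lower()
    basename = image.rsplit("\\", 1)[-1]

    if kind == "filehash" and ev.get("sha256", "").lower() in KNOWN_SHA256:
        hits.append("known_agenttesla_hash")

    if kind == "netconn":
        if ev.get("dst", "").lower() == C2_HOST:
            hits.append("smtp_c2_host")  # exact match on the extracted config
        elif ev.get("dport") == str(C2_PORT) and basename not in MAIL_CLIENTS:
            hits.append("smtp_submission_from_unexpected_process")

    # "Adds Run key to start application"
    if kind == "regset" and ev.get("key", "").lower().endswith("\\currentversion\\run"):
        hits.append("run_key_persistence")

    # "Drops startup file"
    if kind == "filecreate" and "\\start menu\\programs\\startup\\" in ev.get("path", "").lower():
        hits.append("startup_folder_drop")

    return hits


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (indicator, image) pairs for every event that matched something."""
    results: List[Tuple[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        for hit in check_event(ev):
            results.append((hit, ev.get("image", "")))
    return results


if __name__ == "__main__":
    for hit, image in scan(SAMPLE_EVENTS):
        print(f"{hit:40s} {image}")
```

Only the exact-host rule is tied to this particular sample; the Run key, Startup folder and "port 587 from a non-mail-client process" rules cover the generic behaviour the signatures describe and will fire on other AgentTesla builds with a different SMTP server, so expect to tune the allowlist for the mail clients actually deployed in your environment.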