General
Target: 15a1b67790a0987de991ac047a02598a92f7894033acb6313b4641034d194743
Size: 416KB
Sample: 220521-ncejnsddg9
MD5: 2a6568269ef45d1d625f3d597dd63f24
SHA1: c583d2b5c98c2f0e1e8de2bf829cc7671ffda6e1
SHA256: 15a1b67790a0987de991ac047a02598a92f7894033acb6313b4641034d194743
SHA512: a3a280bdcd0160f3cee9be1b3f8bc420265ad4089c09fe769f5088f18a223dd1b27f8707c51b50b3c2586e21b610060e929eec4e65568c8ffea392cb74110a3b
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW ORDER.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: vicanto1994
Targets
Target: NEW ORDER.exe
Size: 502KB
MD5: 8ee2fd0821f0f98ff8132239b1dc6a46
SHA1: 5803e378096ba15c495d4b69243e3c996d3ce1bd
SHA256: 9b31ec2416aaf3b9d3490dc46a2b4a925f42165685b4adf828289dade16c5205
SHA512: 65a331b8e59f0337be0e13c43619280d0569ee36a716e4a943f26b6a88af947456bcf8070839d2c2708befa6c273c7348d1c59c054dc68a0099f4b5c26b06fcc
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext