General
Target: 59312a8eef959c8eca21fff286c08394070e543e592240f1d449fdecdfd07ff9
Size: 265KB
Sample: 220521-ndhygsdec8
MD5: 576f7190530f8d45a16e57507a128acd
SHA1: 4dce5e601ce3551326dd28a13af33d450fba4018
SHA256: 59312a8eef959c8eca21fff286c08394070e543e592240f1d449fdecdfd07ff9
SHA512: 250b799520bf02681f04b27db84aa6307bb6ae10fac312841c38cc4dc1a790526b92e3f0240b810f650998b5265d0e99276ac5930fca433a81ee1b3398ed204d
Static task: static1
Behavioral task: behavioral1
  Sample: Our New Order No. 1557174.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Our New Order No. 1557174.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.beljemi.com
Port: 587
Username: [email protected]
Password: b3lj3m10nl1n3
Targets
Target: Our New Order No. 1557174.exe
Size: 611KB
MD5: 961c2a4e14c037bc861773116def6845
SHA1: 13a12f088a978abcee89c9c1fcfb7683e6386572
SHA256: 35b3e5e01f043f68124bd73648b43058c80ac091b0dd1106fd6b78ac843a9beb
SHA512: 7539ac726bdd8e3d89600758cefa50bda19bd22422b73716cceda2574b4ff24d3f3ad7492533d0d392d183e055a47d3a72d59dada26c7deb6097575b0f846ebf
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext