General

Target: e3784cc7f85e537f08ebf9cf2fd280dc9b1508aa0a5489142e7175f7858b8ece
Size: 410KB
Sample: 220521-ndt1ragfdm
MD5: 2b0d0ec8049bcf69d2822ab0beab1173
SHA1: 4fb326961dda2d9fe0c00e1b5471e8857687dcd1
SHA256: e3784cc7f85e537f08ebf9cf2fd280dc9b1508aa0a5489142e7175f7858b8ece
SHA512: 7bbe43832c38857ca3d1aa331a326afb96f0de2212b48621cc6f879c1b4124bdbf54c6172af6308e54dc20cc525352a096ef0f7fdbbdc1b5cc6d314c9570452e
Static task: static1

Behavioral task: behavioral1
Sample: NEW ORDER Pl 05.08.20.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: NEW ORDER Pl 05.08.20.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected] (the address is obfuscated on this page and cannot be recovered from it)
Password: faith12AB

These are the attacker's own mailbox credentials, used by the sample to send harvested data out over SMTP submission (port 587). They are the most actionable part of the report: the host and port give a network indicator, and the mailbox can be reported to the provider.
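The following Python is an added example, not part of the sandbox report or of any sandbox tooling. It parses a config block laid out the way the extraction above runs the fields together, parses the hash listing format used on this page, and turns both into an IOC set plus a simple check over flow records. The input text and the flow records are constructed to match this page; the redaction placeholder is handled as "unknown" rather than being treated as a real address.

```python
"""Turn an extracted AgentTesla SMTP config and the report's hash lines into
a structured IOC set, then use the network part to triage flow records."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: the 'Malware Config / Extracted' block as it appears on
# this page, with " - " separators and the next label dangling at line end.
CONFIG_BLOCK = """Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
faith12AB"""

# Constructed input: the dropped executable's hash lines, label above value,
# with the page's "-" bullet remnants left in.
HASH_BLOCK = """Target
NEW ORDER Pl 05.08.20.exe
-
Size
451KB
-
MD5
b88a8e2e9b8a4c00db565100de103c0b
-
SHA1
b39f39f0aa3df8a7051b13a159838e7dab0de567
-
SHA256
65352221fc82526f39fc8ea925e9478a2268f85415bbaa6ca96c037b3f350ef4
"""

# Placeholder left by e-mail obfuscation on the page; the address is not
# recoverable, so it must never be emitted as an indicator.
REDACTED_EMAIL = "[email protected]"

LABEL_RE = re.compile(r"\b(Protocol|Host|Port|Username|Password):")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: Optional[str]  # None when only the redaction placeholder survives
    password: str


def parse_extracted_config(block: str) -> ExfilConfig:
    """Each value runs from the end of its label to the start of the next
    label; the trailing ' - ' separator is stripped off."""
    flat = re.sub(r"\s+", " ", block).strip()
    labels = list(LABEL_RE.finditer(flat))
    fields = {}
    for i, m in enumerate(labels):
        end = labels[i + 1].start() if i + 1 < len(labels) else len(flat)
        fields[m.group(1).lower()] = flat[m.end():end].strip().rstrip("-").strip()
    username = None if fields["username"] == REDACTED_EMAIL else fields["username"]
    return ExfilConfig(fields["protocol"].lower(), fields["host"].lower(),
                       int(fields["port"]), username, fields["password"])


def parse_hashes(block: str) -> dict:
    """Read label/value pairs; reject digests of the wrong length or charset so
    a truncated or mis-copied hash never lands on a blocklist."""
    lines = [l.strip() for l in block.splitlines() if l.strip() and l.strip() != "-"]
    hashes = {}
    for label, value in zip(lines, lines[1:]):
        if label in HASH_LEN:
            if len(value) != HASH_LEN[label] or not re.fullmatch(r"[0-9a-fA-F]+", value):
                raise ValueError(f"{label} digest malformed: {value!r}")
            hashes[label.lower()] = value.lower()
    return hashes


def build_iocs(cfg: ExfilConfig, hashes: dict) -> dict:
    """What a defender acts on: exfil endpoint, mailbox to report, file hashes."""
    return {
        "network": {"host": cfg.host, "port": cfg.port, "protocol": cfg.protocol},
        "exfil_mailbox": cfg.username,  # None here because the page redacts it
        "files": hashes,
    }


def flag_exfil_flows(cfg: ExfilConfig, flows) -> list:
    """Source hosts that reached the configured SMTP endpoint. Where mail
    leaves via an internal relay, a workstation doing this directly is
    suspicious on its own, before any hash match."""
    return sorted({f["src"] for f in flows
                   if f["dst"].lower() == cfg.host and f["dport"] == cfg.port})


# Constructed flow records (destination already resolved to a name), standing
# in for proxy or DNS-enriched NetFlow output.
SAMPLE_FLOWS = [
    {"src": "10.0.5.23", "dst": "smtp.yandex.com", "dport": 587},
    {"src": "10.0.5.23", "dst": "update.example.org", "dport": 443},
    {"src": "10.0.7.8", "dst": "SMTP.YANDEX.COM", "dport": 587},
    {"src": "10.0.1.4", "dst": "smtp.yandex.com", "dport": 465},
]

if __name__ == "__main__":
    cfg = parse_extracted_config(CONFIG_BLOCK)
    print(build_iocs(cfg, parse_hashes(HASH_BLOCK)))
    print(flag_exfil_flows(cfg, SAMPLE_FLOWS))
```

The flow check matches host and port exactly, as extracted, because smtp.yandex.com is a legitimate public mail service and flagging every connection to it would be noisy; on a network that should never talk to external SMTP submission at all, dropping the port condition is the stricter choice.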
Targets

Target: NEW ORDER Pl 05.08.20.exe
Size: 451KB
MD5: b88a8e2e9b8a4c00db565100de103c0b
SHA1: b39f39f0aa3df8a7051b13a159838e7dab0de567
SHA256: 65352221fc82526f39fc8ea925e9478a2268f85415bbaa6ca96c037b3f350ef4
SHA512: 3e27772b908477256498dfec01174aa3d6c6170b6388b6faaf46ed6dbf2e2fd0c974a40a246bced03b42ee025314c972d4d3809c39c94523b1894ebd9dec4e08
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT) that harvests credentials from browsers, mail clients and other applications and exfiltrates them over SMTP, FTP or HTTP; this sample uses the SMTP configuration extracted above.

AgentTesla Payload

Accesses Microsoft Outlook profiles (reads the Outlook profile registry keys where saved mail account credentials are stored)

Suspicious use of SetThreadContext (consistent with process hollowing or other code injection into a freshly created process)