General
- Target: 12be89063a49ef75e85e925efc7f0d2ad7adb273a0622b2eefbacbb3cb23d670
- Size: 359KB
- Sample: 220521-nfxjnaggeq
- MD5: 8af006578a19b1ec50c2f5e189afcb52
- SHA1: 5dd93688ac4f2af6d115e755026463b8b23f18a9
- SHA256: 12be89063a49ef75e85e925efc7f0d2ad7adb273a0622b2eefbacbb3cb23d670
- SHA512: 17f590a7e538c59f504b6f35b68fcdf0453d3a59560239fa388e1ab3f532f25b624b939a349e2fd4ebdd3ee18b17294b75215ccbf69487380dd92bf6253ce096
Static task: static1

Behavioral task: behavioral1
- Sample: NewOrderRevpdf.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: NewOrderRevpdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.vietnainox.com.vn
- Port: 587
- Username: anhk@vietnainox.com.vn
- Password: 123456789
Targets
- Target: NewOrderRevpdf.exe
- Size: 408KB
- MD5: 35e2e4c58e9eb36ef09c4c0c655d84e9
- SHA1: c1a408af4a334ff486f31936cb966f1b712912a9
- SHA256: 698bf99b93421f8c16cd7d6b397d9632211d25abac6194c674e2c8bc3fb07cab
- SHA512: 8a7bfcbbb7969e8e7965131b6888d695de4a7fbed31e4dadd69324e79cff584662bbc3e08a905f48930267328e67e8aa2d325f9c64d2d7011edb7d5bec077bce
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext