General
Target: 19c652e3a4cf88cb969414c4ddbd9393b4739523211a27000504f981a6f1d364
Size: 475KB
Sample: 220521-pbfwsaehh9
MD5: 3b06a3dc8afb040dc9588b4afdc5fe56
SHA1: fc716c6f69d79f4e298311c6b71f6f8c30c10555
SHA256: 19c652e3a4cf88cb969414c4ddbd9393b4739523211a27000504f981a6f1d364
SHA512: d016433fe281ed21500e8d15cfeb0273e73467441df6beafc2f6096f6d275c297138ae4abfc4e2b01e68a9b8bea0b112adb1c2b9119b01d26dbee2767c933d25
Static task: static1
Behavioral task: behavioral1
  Sample: New Order.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: New Order.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.samudrapanel.com
Port: 587
Username: sce.info@samudrapanel.com
Password: weslali234
Targets
Target: New Order.exe
Size: 527KB
MD5: cbbeb3530de7181ab5f954666402fcfc
SHA1: 4aed7087763b88b9f56708013e72e627f740541f
SHA256: 1d7340e0158b2367adf6980affa77fd4da9d8ae6dc13b5c1702a6fc5822b7fba
SHA512: bb302b8de5c05b3c7a1a50a4d8ef78b47561835e5c1198d2c69204e09f60162c8cdd8b1d8ab81c547f34a5fb3c576e484ff5f62cbbab33e0993afb7e9a5f3295
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext