General
- Target: a70db2246da1bf14d2600cd9dae822a34f6e6de708aa6c55c517dfa57174bca8
- Size: 1.2MB
- Sample: 220521-pg3yhafcf4
- MD5: 06ef66d69a0a5feefad881790913c648
- SHA1: bba3e7a792472695b102761086304bf085794c30
- SHA256: a70db2246da1bf14d2600cd9dae822a34f6e6de708aa6c55c517dfa57174bca8
- SHA512: 2294463cfb3a38470778b531bdd85c338a2ff59d0e3c2d7da48a4a636708885f0e52b626151c44f21678c7e7630623563ba89960057248b814071957510b7a1f
Static task: static1
Behavioral task: behavioral1
- Sample: NEW_ORDE.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: NEW_ORDE.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.orientalkuwait.com
- Port: 587
- Username: prakash@orientalkuwait.com
- Password: Operatingmanager1&
Targets
- Target: NEW_ORDE.PIF
- Size: 401KB
- MD5: 7c1307b3ea314c4c6096767faafaae1a
- SHA1: 1f792503d4e9439d70034d472abc177a38f3a62c
- SHA256: 79a711260d532f13d17a1ef3201cd25341871391de674db34d64f68e6989b532
- SHA512: 9aac59304007839a66129a04e5da9b0201928bfb42040799fa111a110a4d42a5b9b3c5f9fdcf5eb04aaf8611c521629c0a05197361a926516af331f2941f6bf2
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext