General
Target: 24be7f8eb88df622bbd1f88d1f63233e894d4b681dc9540d84c33b85a4d446b1
Size: 375KB
Sample: 220521-pnjs7sfff8
MD5: 50feb1f370567dce96ddb58f4f9fe855
SHA1: 680e24b58730f8c22813e657069f118a7b0298d5
SHA256: 24be7f8eb88df622bbd1f88d1f63233e894d4b681dc9540d84c33b85a4d446b1
SHA512: 81d92d2aa0d9ba6b2a0641a92ab9fcdf0c9dc5db129b87c8bc8ff5640d6608f493fb5ecd28b2f45cac7cab860c26ea3784137ceca3389f8623a8e1c1e5feb051
Static task: static1
Behavioral task: behavioral1
  Sample: Neworder5119047pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Neworder5119047pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webmail.siancoeg.com
Port: 587
Username: abdallah.hosny@siancoeg.com
Password: 26444534
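The extracted SMTP exfiltration settings above are the actionable part of this report for a defender. The following is an added example, not part of the sandbox report or of Agent Tesla itself: it parses the configuration exactly as listed, derives a small indicator set (deliberately leaving the credential password out of what gets shared), and runs those indicators over constructed sample network events to show which connections would be flagged, including a connection to the same host on a different port. The event format, the non-sample process names, and the event lines themselves are assumptions constructed for the example.

```python
"""Turn an Agent Tesla SMTP exfil config into IOCs and scan constructed events.

Added example for the report; the config text is copied from it, while the
log format and sample events below are constructed, not real telemetry.
"""
import re
from dataclasses import dataclass
from typing import Optional

# The extracted config, copied from the report in Key: Value form.
CONFIG_TEXT = """\
Protocol: smtp
Host: webmail.siancoeg.com
Port: 587
Username: abdallah.hosny@siancoeg.com
Password: 26444534
"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse 'Key: Value' lines into a typed record; a missing field raises KeyError."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def config_to_iocs(cfg: SmtpExfilConfig) -> set:
    """Indicators for blocking or hunting; the password is excluded on purpose."""
    return {cfg.host, f"{cfg.host}:{cfg.port}", cfg.username}


# Constructed sample telemetry (assumed EDR-style format, not real logs):
# timestamp, process image, DNS-resolved destination name, destination port.
SAMPLE_LOGS = [
    "2022-05-21T12:00:01Z proc=Neworder5119047pdf.exe dst=webmail.siancoeg.com port=587",
    "2022-05-21T12:00:02Z proc=outlook.exe dst=smtp.example.com port=587",
    "2022-05-21T12:00:03Z proc=Neworder5119047pdf.exe dst=webmail.siancoeg.com port=25",
    "2022-05-21T12:00:04Z proc=chrome.exe dst=siancoeg.com port=443",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+) port=(?P<port>\d+)$"
)


def match_event(line: str, cfg: SmtpExfilConfig) -> Optional[dict]:
    """Return a hit when the destination is the configured exfil host.

    A connection to the same host on another port is still reported (the
    operator may have changed ports) but is flagged with port_match=False.
    Unparseable lines and other destinations yield None.
    """
    m = LOG_RE.match(line)
    if not m or m["dst"].lower() != cfg.host:
        return None
    port = int(m["port"])
    return {
        "ts": m["ts"],
        "process": m["proc"],
        "dst": m["dst"],
        "port": port,
        "port_match": port == cfg.port,
    }


def scan_logs(lines, cfg: SmtpExfilConfig) -> list:
    """Apply match_event to every line and keep only the hits, in input order."""
    return [hit for hit in (match_event(l, cfg) for l in lines) if hit is not None]


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print("IOCs:", sorted(config_to_iocs(cfg)))
    for hit in scan_logs(SAMPLE_LOGS, cfg):
        print(hit)
```

Matching on the resolved destination name rather than on port 587 alone keeps legitimate mail clients (the outlook.exe line) out of the results, while the port_match flag preserves the weaker signal of the sample talking to its mail server over a non-configured port.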
Targets
Target: Neworder5119047pdf.exe
Size: 405KB
MD5: 71894434f256436d126e77c7307ce2cd
SHA1: 6d14957428ffd27ed1a40c64a04fa5d6fbb0c663
SHA256: 968a7bf9593f8635bc6383f73cc1743b4fa776442ec7265adc138f248531bfbf
SHA512: 7719b04c4deef0cc18b40eb413377fbf1a9eaee3c64126d137dd6ef5ef3c2704d746ab0bc2c85ab19c4fa0be9f7ecf39ba76e0616cf72a0d01bd7cd76eacb6a4
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials and keystrokes and typically exfiltrates them over SMTP, FTP or HTTP; this sample's extracted configuration uses SMTP.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence that gates execution on the victim's locale.

Suspicious use of SetThreadContext
Rewriting another thread's context is characteristic of process hollowing (RunPE-style injection), in which a payload is written into a suspended legitimate process and its entry point redirected before the thread is resumed; Agent Tesla loaders commonly use this to run the stealer inside a trusted-looking process.