General
Target: 279c71be97b6c2b070d018616bbf02d05050b8bfc5d36c228b0b81cc931714fa
Size: 1.2MB
Sample: 220521-pyebgagbf8
MD5: ccb82cc039cc7ec26c94036d52860bf2
SHA1: 5e483959408985d2bca56284a9a6de12279e4782
SHA256: 279c71be97b6c2b070d018616bbf02d05050b8bfc5d36c228b0b81cc931714fa
SHA512: d3d54c1a58f44e015114f08de1c7f42f2754012102d45de23bd00d06226a9bcb060530692ed3c1808f4ba309f77919155c88a184a164e04c313268c5a6856267
Static task: static1
Behavioral task: behavioral1
Sample: NEW_ORDE.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW_ORDE.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.orientalkuwait.com
Port: 587
Username: prakash@orientalkuwait.com
Password: Operatingmanager1&
Targets
Target: NEW_ORDE.EXE
Size: 525KB
MD5: 503ba2c6688b990284bd17e71b1996a2
SHA1: cfd89cae8cb02568bd905918eb2ae6d2dc591058
SHA256: 4a3cb269a764e5cc5039e72794fcacffdf8fff861e2073f2a8d27352996449dd
SHA512: d7c16d8a01968db629a6fda6d22cfab092d2db622ad898f08160ecabe4b60b3e8749b6292334faae86ad9411eaa3a1b80e81c2f465330ec8194090d83cb5dc54
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext