Overview

overview

10

Static

static

NEW ORDER.exe

windows7-x64

10

NEW ORDER.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NEW ORDER.exe

  • Size

    1.4MB

  • Sample

    221020-czacpaaef8

  • MD5

    313f1f3152ae048a40feae10cb0f78eb

  • SHA1

    921d17264e8f00a37bdbfc7f39bc584dfc6a304e

  • SHA256

    bc123960f09aa291db84c5e7d73412fad81939bb5a57459e94cd7d522b4ee193

  • SHA512

    e0f21448ef4125e815f9eaf670467d6350050b97d8fc530e88710d3abe8b4a205c5d1754f97953f8cb3421e9c6f819cfc2c5149660969d85ba213463c8c2ec65

  • SSDEEP

    24576:y8eF+9SnkX6/sR6uxdTVfjktDaHarKu79cR/1vpU:neF+9SnkX6I6sdJjV69i/1vp

Score
10/10
agentteslacollectionkeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      NEW ORDER.exe

    • Size

      1.4MB

    • MD5

      313f1f3152ae048a40feae10cb0f78eb

    • SHA1

      921d17264e8f00a37bdbfc7f39bc584dfc6a304e

    • SHA256

      bc123960f09aa291db84c5e7d73412fad81939bb5a57459e94cd7d522b4ee193

    • SHA512

      e0f21448ef4125e815f9eaf670467d6350050b97d8fc530e88710d3abe8b4a205c5d1754f97953f8cb3421e9c6f819cfc2c5149660969d85ba213463c8c2ec65

    • SSDEEP

      24576:y8eF+9SnkX6/sR6uxdTVfjktDaHarKu79cR/1vpU:neF+9SnkX6I6sdJjV69i/1vp

    Score
    10/10
    agentteslacollectionkeyloggerpersistencespywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks