General
- Target: New Order.exe
- Size: 666KB
- Sample: 221128-ltcejadg47
- MD5: 06895d8d4b00033cdbb39b9daf6612be
- SHA1: 2ec7c298232968f81d114dd7e693f8823190cbf9
- SHA256: d73101ab17bc879d736d035c6272beb309d438e3c0e248267b33dbda210242d8
- SHA512: dbf342e9c401944fdfbb908593ccdf73fecfa1b61949b96396e629c20a3ac287a450b54cb92a043a96161f1a0a84ecd45ad93d00a2cf02df49af2bf57dc8fd67
- SSDEEP: 12288:QYcmpbKbfZLRzS1V7VfGg5T9SCmejJmYKQ16coH+:Qr0bKcVJf/hpmeIY/zo
Static task
- static1
Behavioral task
- behavioral1
  - Sample: New Order.exe
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: New Order.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: host39.registrar-servers.com
- Port: 587
- Username: Emenike@potashin.us
- Password: })cZs aj5Xr; C
Targets
- Target: New Order.exe
- Size: 666KB
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext