General
-
Target
THE NEW ORDER FOR FU#F211213-016(OR22078).exe
-
Size
472KB
-
Sample
221204-me9l6aad72
-
MD5
bc19430f73ce7c06468bb450f99203f2
-
SHA1
1abfeb24edd346228e56ef94bf5241f2a39b8a4f
-
SHA256
e47e898923208e15cedda56de05b9896e2e3df46628a74692d91484ab4fcefcd
-
SHA512
0e75ee453b1bda764817ad97d2f5ec3ff9c8d20a11cded85c5033b34af94f980db251cd163cf7b22a2cca2583545fa41061420f26c280ea303d0e0e44666b7b3
-
SSDEEP
12288:B4BEjMyXlpQhl+CbZSt0iZV76/L9gaTAri0KvHbxnq:+GjMy+TZgLWZhgi9tn
Static task
static1
Behavioral task
behavioral1
Sample
THE NEW ORDER FOR FU#F211213-016(OR22078).exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
THE NEW ORDER FOR FU#F211213-016(OR22078).exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5247127509:AAGW6jgaK8wg9Olc3UxNFqjLkvAv8DEdQEY/
Targets
-
-
Target
THE NEW ORDER FOR FU#F211213-016(OR22078).exe
-
Size
472KB
-
MD5
bc19430f73ce7c06468bb450f99203f2
-
SHA1
1abfeb24edd346228e56ef94bf5241f2a39b8a4f
-
SHA256
e47e898923208e15cedda56de05b9896e2e3df46628a74692d91484ab4fcefcd
-
SHA512
0e75ee453b1bda764817ad97d2f5ec3ff9c8d20a11cded85c5033b34af94f980db251cd163cf7b22a2cca2583545fa41061420f26c280ea303d0e0e44666b7b3
-
SSDEEP
12288:B4BEjMyXlpQhl+CbZSt0iZV76/L9gaTAri0KvHbxnq:+GjMy+TZgLWZhgi9tn
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-