General

  • Target

    New Order.7z

  • Size

    750KB

  • Sample

    230329-qxh4psab4y

  • MD5

    ea2ec390f1d4b91803f6a36022a81048

  • SHA1

    0530b9a0f364506517a7860006dfa4aa7a2e2d0f

  • SHA256

    01aa40d1ee37ea9ec70250b1c68030031f22ef4af010f50b5b9b26c724e1d68d

  • SHA512

    13d0d3c912e899482db99b6b242a9caf3a26cf0fd23bce3dab5a7489eeaf91881b0ca96a7b3ab9356bb09ba4d719d52936f357d83082dd621f0e0818b00e70ce

  • SSDEEP

    12288:DeVtqJdySc0tntLUpR7CI0EGp1+fasTL6dACMzD1qlnOd47SlG75q6wZG+xur/mL:D/Zks2bZT2Gtpq7XM6RcquL

Malware Config

Targets

    • Target

      New Order.exe

    • Size

      1.1MB

    • MD5

      689c1747e952be68eeaa28ecf3e36a90

    • SHA1

      2c3c22cb6fc8c949f06b6c7b3e032776cc247bd1

    • SHA256

      e0e1212ebf49244da1fd93d30b121e936b46d03b9879924a63402de69e225e2b

    • SHA512

      82c7d63e730bc10ab2dc4648d512385d89b5af293168b4344d08688fffbf9e49ba7c4a999a9cd88d489c6c1c21578d78f2ebdd5a4d4d0e94a7ddfbc39561cbaf

    • SSDEEP

      12288:d2iNo3XdJVZz5dB3HWXtLUphPCI0EGpF+fasTi6dsCM6D1IlnOh4HSlG+5q6waGd:d12zVZ97HW5ko29ZTT+Yb+HqM60cq

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks