General

  • Target

    New Order.exe

  • Size

    537KB

  • Sample

    230707-kbabsaha4x

  • MD5

    680ef45eabf8adb594ac3c79dd348c9d

  • SHA1

    f08943a2d8d52f5f5c984e122cca5fe38e7938e5

  • SHA256

    4dd0f2964faae26b80ba53709db1c6892124d6abacd29356acf17eb38d1ae8a0

  • SHA512

    7cbed3be32a11a1601ea0a126c1dd837abb9f86f349e6f4183fefa53bf03cb1419a230b2531469bac0c345fa58d5805bd84a89f567ac1466b87cd18553b9e56d

  • SSDEEP

    12288:AAUitCTfOPzV31FScYyvjc6u8yJFUtzt4:AAUMTzNSfMj4JFU8

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.kbakr.com
  • Port:
    587
  • Username:
    ella@kbakr.com
  • Password:
    blessing2023
  • Email To:
    chinaedupr@gmail.com

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.kbakr.com
  • Port:
    587
  • Username:
    ella@kbakr.com
  • Password:
    blessing2023

Targets

    • Target

      New Order.exe

    • Size

      537KB

    • MD5

      680ef45eabf8adb594ac3c79dd348c9d

    • SHA1

      f08943a2d8d52f5f5c984e122cca5fe38e7938e5

    • SHA256

      4dd0f2964faae26b80ba53709db1c6892124d6abacd29356acf17eb38d1ae8a0

    • SHA512

      7cbed3be32a11a1601ea0a126c1dd837abb9f86f349e6f4183fefa53bf03cb1419a230b2531469bac0c345fa58d5805bd84a89f567ac1466b87cd18553b9e56d

    • SSDEEP

      12288:AAUitCTfOPzV31FScYyvjc6u8yJFUtzt4:AAUMTzNSfMj4JFU8

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
