General
-
Target
3776d381f9fa02fb73eb16f9f104c52adf763e6f97ce2f6c74e655c4115ae851
-
Size
720KB
-
Sample
240522-cwlxbahe6v
-
MD5
865614bb221f8b1ec7a15aa033e2a5ee
-
SHA1
777d6d5f2decf2716d423c30377a63baa450218d
-
SHA256
3776d381f9fa02fb73eb16f9f104c52adf763e6f97ce2f6c74e655c4115ae851
-
SHA512
5356e72a63315d7ce3b6f8544b88daa54b6ff1c7bad7af300591d2d2b8ed63a6be86d15be267987307167f7ca3761a7ceeb8b6c6b244cffe6027c75321de1bd5
-
SSDEEP
12288:BorbUF3TVSV0+iKMglb0n6Z++yBGENATNiKq/Gk5y0/+tc1uDWTxnUNrGMH:BIbQ3TLTc0n6MJ0gGkg0uQutGMH
Static task
static1
Behavioral task
behavioral1
Sample
New order.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
New order.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.springandsummer.lk - Port:
587 - Username:
[email protected] - Password:
anu##323 - Email To:
[email protected]
Targets
-
-
Target
New order.exe
-
Size
763KB
-
MD5
7dfb952c184cd0e1d8ad2df971a83986
-
SHA1
a3d2cf69513c7d7ddd020eb11ad40c5ee790fd28
-
SHA256
658e2f44c6e3a6af989069dc2fc82337c326fe751e037161e1c780c9bc639c4c
-
SHA512
be9a46365483bdb02751fa4237e08685b3184b23d93f99b039a3f66a0496feeeb8a83ba2cf37a25fda7ca701d44f36f1fd834893be1fdd55d966d360d35ca77c
-
SSDEEP
12288:yz+I6yWn7fcpVZlu/6uH30nEZ+ym9ENATN9O/P8xGkFp+DjwT8rHDFXVz4X6YG1y:/I698VVY30nEB09YEGkx47hlznI
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-