General
- Target: NEW ORDER-000000WE.rar
- Size: 616KB
- Sample: 240617-jqx6qa1dmd
- MD5: a9b4302e9e32f081a78b53e504408910
- SHA1: 74eeeea1f329e8f3512ce8e420ca78149cc7e7ec
- SHA256: 518dd4a7bd96090b6c2ed9e7a672fdc46d047e2c439040b4e6ad9a4e68fd5d47
- SHA512: 86aaccae656d754d58f9865a5d0cb869050f3d38a090b67f63256a96559a00ca7232cdb80181684a2a3f84037bf7ca8376acae8dbf37f75ce122c33754842b91
- SSDEEP: 12288:fYYMNm7NupRn36ztlh5ZCKCPEV3BsAg+jWKE/1ZtZkjQw6d:PV7QpRq5tJCsW3/1ZtZzw6d
Static task: static1
Behavioral task: behavioral1
- Sample: NEW ORDER-000000WE.exe
- Resource: win10v2004-20240611-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.thelamalab.com
- Port: 587
- Username: [email protected]
- Password: Thel@malab@20!9
Extracted
agenttesla
- Protocol: smtp
- Host: mail.thelamalab.com
- Port: 587
- Username: [email protected]
- Password: Thel@malab@20!9
- Email To: [email protected]
Targets
- Target: NEW ORDER-000000WE.exe
- Size: 628KB
- MD5: 0abb067fc4dcb97e63360595c2216674
- SHA1: 534c97142b40a4cfeac1e2508b11c4fd7d2be6fa
- SHA256: 7fc25fe68de56c5d7d59cc518b9d37985faaa4245e981a30369982c8c7c7240d
- SHA512: 0bddd57de4d9d0729a06cbcb3448accc2f5e3333b25d6399c929ac6db5c3b907fe06c6cc2732abcfd4247cb51e7524dc718fe96599897d3de46098c0cececa63
- SSDEEP: 12288:9NKvQdA0HK9i529EDROD9H9FWEbeZDY6y1hIAcnohEB9k7hT4nf:+GwDBHOEbeZcJ1cnoAK7Snf
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext