General
Target: 63967c45251f1094e81ae4859415409165b2d449d0dea56276b7d9523da3051d.rar
Size: 709KB
Sample: 240617-vsdqmsxale
MD5: eb4489be93d5a163940004bd8ca9963b
SHA1: fdead7824a2f0c8b7a037303f4d47782cc6e0eb5
SHA256: 63967c45251f1094e81ae4859415409165b2d449d0dea56276b7d9523da3051d
SHA512: 14dd46811780580f02019d11113ddf89590a014ee543c03d9753c035b33a6a3f5269d4ba72671c0af821a5868b143b963077866a0e844b9f807339012bedf31d
SSDEEP: 12288:7xX1nVEUkfP6iYw9r/ypwovrYawEHhLXXjbbsAUWwyWiJewMWnQn34SM93YtqtDz:7xX9qbKqTxk8ENH/bsAUWwViJRnQnooI
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: NEW ORDER.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: NEW ORDER.exe
Size: 1.2MB
MD5: 8cd947a7a778cc3ddfcf24afe58e3472
SHA1: a6f8d0b06fac90b33a9c4af8c4a32eec0b0fb713
SHA256: 81eb8aa9b2226312d76e1bf196178ffd3bf4fa20f02de820451d4f654179655c
SHA512: 59e1bc3225cd23e74b08a685ba8c7671182875fc52683a36d6b76b7a033ab3c484d0a5c83d5244b2874635696366cebc2560e13fe61ff4dc99c48d333e46205b
SSDEEP: 24576:9AHnh+eWsN3skA4RV1Hom2KXMmHabkY7tSO9jl9pgJa8q+In5:ch+ZkldoPK8YabktO9jka84
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext