General
- Target: dispatch details.r00
- Size: 460KB
- Sample: 210408-6hqwgfjves
- MD5: 6f7d2f141c2f600b1aca1f5fa9523898
- SHA1: fa6613dce839e9521b31d787bbe337721ef9194b
- SHA256: ec4cdc6c30b24171ed2427be8b77ceab3700a362536121d840c5620b79127908
- SHA512: 19847055413154ac8deb8aee8b883a60dc0559c20a6e237c7b559be1bae25c2c2c385581c075c88654db2c988f458ba2a318150b949554c01b2b5e4726548882
Static task
- static1

Behavioral task
- behavioral1
  - Sample: nunu.exe
  - Resource: win7v20201028

Behavioral task
- behavioral2
  - Sample: nunu.exe
  - Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dtvcambodia.com
- Port: 587
- Username: leakkim@dtvcambodia.com
- Password: @DTVcambodia2017
Targets
- Target: nunu.exe
- Size: 507KB
- MD5: c7fa443b722dd4bffcda58dbd6a8ad71
- SHA1: d41111e463dfaa1c10a50f0a6a5d48fc8ae4f7e7
- SHA256: a321481a5f943697829963ca1ebfafb6f4857ee1af0119daf7c9e274d4e756a0
- SHA512: 52e8a71c2214e5cde34a6ff055ee944bfc3d06f8dcb82b247a0d3ab02417bfb6a836457fb7de9e145de5be04a7805a1b61a197e0a48c92234de8e31c53ce12d2

- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext