General
Target: nunu.exe
Size: 507KB
Sample: 210408-8r9l3vm4je
MD5: c7fa443b722dd4bffcda58dbd6a8ad71
SHA1: d41111e463dfaa1c10a50f0a6a5d48fc8ae4f7e7
SHA256: a321481a5f943697829963ca1ebfafb6f4857ee1af0119daf7c9e274d4e756a0
SHA512: 52e8a71c2214e5cde34a6ff055ee944bfc3d06f8dcb82b247a0d3ab02417bfb6a836457fb7de9e145de5be04a7805a1b61a197e0a48c92234de8e31c53ce12d2
Static task: static1
Behavioral task: behavioral1 (Sample: nunu.exe; Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: nunu.exe; Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dtvcambodia.com
Port: 587
Username: leakkim@dtvcambodia.com
Password: @DTVcambodia2017
Targets
Target: nunu.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext