General

Target: MV. HUA KAI V-2023.exe
Size: 525KB
Sample: 210408-8rxn9bgyzj
MD5: 1e319b2c0ae906ae5412c314b569cec8
SHA1: a61b0f45c5c1f9d7fd61a34e5a1e5451bb6bdd73
SHA256: 78baec19444d923fde30977dacb85fada9247b9e3ae150f32a1137e7fc0b8dfb
SHA512: 413884c293397ae9c4629d97a882f2fbaac738ddd5629b7cdee83702e3ff9c8b8111765a568784d3a7b51870e3add96398369eaab093865ef70c8d480d047c05
Static task: static1

Behavioral task: behavioral1
- Sample: MV. HUA KAI V-2023.exe
- Resource: win7v20201028

Behavioral task: behavioral2
- Sample: MV. HUA KAI V-2023.exe
- Resource: win10v20201028
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: smtp.hyshippingcn.com
- Port: 587
- Username: plogs112@hyshippingcn.com
- Password: e*u@qkS4
Targets

Target: MV. HUA KAI V-2023.exe
Size: 525KB
MD5: 1e319b2c0ae906ae5412c314b569cec8
SHA1: a61b0f45c5c1f9d7fd61a34e5a1e5451bb6bdd73
SHA256: 78baec19444d923fde30977dacb85fada9247b9e3ae150f32a1137e7fc0b8dfb
SHA512: 413884c293397ae9c4629d97a882f2fbaac738ddd5629b7cdee83702e3ff9c8b8111765a568784d3a7b51870e3add96398369eaab093865ef70c8d480d047c05
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext