General
- Target: EHM(R)-6E-0.D.7z
- Size: 355KB
- Sample: 210419-46r6rffta2
- MD5: c9c604677142ae36d175a6e7ddb836d3
- SHA1: cd140efe1447c8835c09e349887439c95d5df7d8
- SHA256: 7616da5ba2a98cd9cddd45a33814adc9d46457bf11c961bff540ed704ac7996a
- SHA512: 0ba24d3f8bb3d9a8799bfb5c8379d141d8f8b542092080978c1b52415a9507caecadaf9add68f37d03920509d649f66c2c408bf4d3210a47bc36c93f1813edb5
Static task: static1
Behavioral task: behavioral1
- Sample: EHM(R)-6E-0.D.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: EHM(R)-6E-0.D.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: webmail.mdist.us
- Port: 587
- Username: [email protected]
- Password: Jg#4321
Targets
- Target: EHM(R)-6E-0.D.exe
- Size: 573KB
- MD5: 6758dcc71978ee960955f011a99138c0
- SHA1: 24964300243026de487f66dfbed1e1eb75b63500
- SHA256: b8e4c54f15ac8fc84223e2460f6201401c960851b4006d61360caa57c34af3ed
- SHA512: 635655c4b67bddce66073a6e5e3cb673af437bee6e424aa646b76c44b9177e36c74d260ddf4c2cfc32f2db0aae92d74b68e1bca6d6ff0c4b45c119175bd6520b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext