General
-
Target
DUBAI HMC2022.Gz
-
Size
451KB
-
Sample
211021-ec33lahgf7
-
MD5
beea2d2694ae14cb770a1de837b24b3f
-
SHA1
8130a85812f52d68faf5ac194cb90cf470d78d42
-
SHA256
0bbd76367aaace06b6597c7334a8b8c923030c8e67ad15ced0c133c74be49411
-
SHA512
d6b4298578057c83a5d046b403f23e75e004a575736f702d281625bc62579825c5b035ef855bd3b62c0ffdb0175b6989c6fbbf73af913dd0afaad024b58dde2b
Static task
static1
Behavioral task
behavioral1
Sample
DUBAI HMC2022.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
DUBAI HMC2022.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.myremediez.com - Port:
587 - Username:
help@myremediez.com - Password:
123123456
Targets
-
-
Target
DUBAI HMC2022.exe
-
Size
592KB
-
MD5
88bd3ddede5da19e878746dbd2d184b9
-
SHA1
c3976bfb7db0fc4e403e88f5ad5c39dd29bb7512
-
SHA256
6a6450c020fa3f553aa941e737be918d75d69dd930a4c4d5757ddfc1efd066ba
-
SHA512
f6af97a52f6f9c79d7919188897ec363ad517707a24deb3f489e4f72f7d1e31843844d9242530aeaf40da094405339ea37f66dcf4adc2d7d2106f54c0fdd8493
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-