General
Target: SecuriteInfo.com.Zum.Androm.1.23035.3552
Size: 565KB
Sample: 211202-qadwgabga9
MD5: 9d215ff1504f0b9e800ffc8aa404c350
SHA1: 38e23700178a704677cb3604479aa13f71cae5dc
SHA256: a6af5fbc218d9d18aa23e525000da927d17bc52900af1ed0fdf5ce01097cf39d
SHA512: d7c340d256c9cb11a89e67a5ba7b55e805aa21084c5499473a430fd40b96fd357923daebd5de608faabc932cf3ee2404393dc6452c3cfa0f38ff345fe694a850
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Zum.Androm.1.23035.3552.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Zum.Androm.1.23035.3552.exe
  Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.scahe.co.in
Port: 587
Username: sj@scahe.co.in
Password: scaheavy@12345
Targets
Target: SecuriteInfo.com.Zum.Androm.1.23035.3552
Size: 565KB
MD5: 9d215ff1504f0b9e800ffc8aa404c350
SHA1: 38e23700178a704677cb3604479aa13f71cae5dc
SHA256: a6af5fbc218d9d18aa23e525000da927d17bc52900af1ed0fdf5ce01097cf39d
SHA512: d7c340d256c9cb11a89e67a5ba7b55e805aa21084c5499473a430fd40b96fd357923daebd5de608faabc932cf3ee2404393dc6452c3cfa0f38ff345fe694a850
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext