General
Target: new order TRICOLOR-6.45 TRICOLOR-6.3 TRICOLOR-8.1 TRICOLOR-7.66.......exe
Size: 549KB
Sample: 211202-rrwy2shfgp
MD5: 66cbe976594f666d5440264a4084b21f
SHA1: 944c8819e41ad59333527141a7fd5180253969e1
SHA256: 460eb4667362671be2be1e94afe56e73331c3a3cd58b028e49ec135fec8888a9
SHA512: 1ebb035fd7ceab82f4ee270e66b097958e8b57805897dcafc4736e82e64961ec5df61af8a0ec78d9d119d2ec235d955559cfe360587e46915aa9c5450c93da1e
Static task: static1
Behavioral task: behavioral1
Sample: new order TRICOLOR-6.45 TRICOLOR-6.3 TRICOLOR-8.1 TRICOLOR-7.66.......exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: new order TRICOLOR-6.45 TRICOLOR-6.3 TRICOLOR-8.1 TRICOLOR-7.66.......exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.kyowasecurity.com.sg
Port: 587
Username: marketing@kyowasecurity.com.sg
Password: avKw1$991
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext