General
Target: b38872afd836a86bc739092c37215174e09d8ffdd8955c750ce940675de88b08
Size: 1.4MB
Sample: 220201-tt4g1shgd2
MD5: 830e9471901a342b1c97e4fc1b79c1b1
SHA1: 0e5a59e9f7ad5624bf3129a84d4846e6183af605
SHA256: b38872afd836a86bc739092c37215174e09d8ffdd8955c750ce940675de88b08
SHA512: 6a1d31811d7da476e1ca9865666b0db335c0fc23684b223eb9c76e4e1f1500816cb0c3ecdb43b04d76f7481515341aac14ef33c88333c6b37664f4a29a21b09f
Static task: static1
Behavioral task: behavioral1 (Sample: CONFIRM2.exe, Resource: win7-en-20211208)
Behavioral task: behavioral2 (Sample: CONFIRM2.exe, Resource: win10v2004-en-20220113)
Behavioral task: behavioral3 (Sample: CONFIRM_.exe, Resource: win7-en-20211208)
Behavioral task: behavioral4 (Sample: CONFIRM_.exe, Resource: win10v2004-en-20220112)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: admin@evapimplogs.com
Password: Everest10
Extracted: formbook
Version: 4.1
Campaign: ergs
Targets
Target: CONFIRM2.EXE
Size: 439KB
MD5: 964a3b643ea6fe03ba7eafdf9b3e8120
SHA1: f767f86a4c297b54cc91d67450da022816cfcc4d
SHA256: 34ca9a1b6fd8f866a4209606109611b0d3d095c956033fa2869a1cfc6ba760bf
SHA512: ed0eaf4cc49710168d3988e5385818bb7f74ed7d9768e0d0892b40582d8cef5601d6f52514d1b671c599996e3b2c4a9a208573baa04df8d3e67b327f969d5247
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext

Target: CONFIRM_.EXE
Size: 417KB
MD5: abb3147d8c0e9f65b3248004b8fffb91
SHA1: 127a10da0021ae217648b3636f38d84b8f1459f1
SHA256: 009e6b48b7d9b2a802d6e831138b1e55c4390861c123287e134bbc21f8a6e225
SHA512: af55e007019139a2257815f50f4e1de3fbc6e1fc9195104c989dc6935bc3ec494c2a5900fb56d13fcf1c1a9043659e9c77a7af37b17aec63d9c59a88b9efed02
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext