General
Target: 0ea0deca999677cda2359ab9c96fab953db2e2e3a47d7d1194b0f3c37d3f4835
Size: 626KB
Sample: 220520-2n1g6sffg3
MD5: 408e7eda9ba93ea8144364127a2771df
SHA1: 6fb732814a2e3438349d3c3680238a843a6828ff
SHA256: 0ea0deca999677cda2359ab9c96fab953db2e2e3a47d7d1194b0f3c37d3f4835
SHA512: 3bbfe2cdb0340482b6c2034d6b0a860c2296d904e1b08f8ea010b8c68758deac99e3138724ac527c1b6c371fcd9682e3c863ea60bf05a130e4bb4313721fc826
Static task: static1
Behavioral task: behavioral1
  Sample: MV LUCKY TIFFANY.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: MV LUCKY TIFFANY.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.maihyundai.com
Port: 587
Username: [email protected]
Password: isla44332211
Targets
Target: MV LUCKY TIFFANY.exe
Size: 783KB
MD5: b878c3a2d2acd700fdc3275ed6557383
SHA1: 81b161ec5ced453eb0a7ac1d25dafb825ff67228
SHA256: a9cf92e1eeda276eae412eb2236216cadcb6342d6c4e638ea337349693f633b9
SHA512: 11411c7494a1a71a3ad2fdaf9183bdc704801fe2a5a4207b348fbb4feabe74ce57999fbed57e771999997cb44cbb1d3c5238555b8c1eb270deb219cbbc19f271
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext