General
Target: ab60cb42bcd6179d9dcc337880d14e6acc69cd8ce6de7972c7197bdbc87ab3a8
Size: 385KB
Sample: 220520-31njtahha4
MD5: 0df660b0cb851651516067fcd8d3cc20
SHA1: 2c55638ffa03afc7d715dfed89a5e05d79ce9cc3
SHA256: ab60cb42bcd6179d9dcc337880d14e6acc69cd8ce6de7972c7197bdbc87ab3a8
SHA512: ca34a417e89860054026af9e4d20c5cb60806a806f1b950843e248b0f64c4d6eef994f6a55758a54394a377a5157d9e2084e40721fba1a977cce943b6c90eb2a
Static task: static1
Behavioral task: behavioral1 (sample BOQ.exe, resource win7-20220414-en)
Behavioral task: behavioral2 (sample BOQ.exe, resource win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.threewaystoharems.com
Port: 587
Username: [email protected]
Password: sales@123456
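The extracted config is the most actionable part of this report: the host and port identify the mailbox the stealer submits harvested credentials to, and they are what a defender hunts for in DNS and connection logs. The SMTP password is useful only to recognise the operator account; it must not be used to log in to that mailbox. The following script is an added example, not part of the report or of the sandbox's tooling: it parses the flattened "Key: value - Key: value" listing exactly as this page renders it (the username stays obfuscated, as the page shows it), scans constructed Zeek-conn-style records for connections to the configured host, and emits a Suricata DNS rule for the host. The log lines, the connection-record layout and the rule sid are assumptions.

```python
import re

# Constructed copy of the extracted-config text as this report page shows it
# (the username is displayed obfuscated on the page and is kept that way here).
RAW_CONFIG = """\
Protocol: smtp- Host:
mail.threewaystoharems.com - Port:
587 - Username:
[email protected] - Password:
sales@123456
"""


def parse_config(raw: str) -> dict:
    """Turn the flattened 'Key: value - Key: value' listing into a dict."""
    joined = " ".join(line.strip() for line in raw.splitlines() if line.strip())
    # Fields are separated by a dash followed by the next capitalised key,
    # which covers both "smtp- Host:" and "587 - Username:".
    parts = re.split(r"\s*-\s+(?=[A-Z]\w*:)", joined)
    cfg = {}
    for part in parts:
        key, sep, value = part.partition(":")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def network_iocs(cfg: dict) -> dict:
    """The indicators worth hunting for: the exfil mail host, port and protocol."""
    return {"host": cfg["Host"].lower(), "port": int(cfg["Port"]),
            "protocol": cfg["Protocol"].lower()}


# Constructed connection records (Zeek-conn style): ts src dst_host dst_port proto
SAMPLE_CONN_LOG = """\
1653019800.123 10.1.2.15 dns.corp.example 53 udp
1653019801.456 10.1.2.15 mail.threewaystoharems.com 587 tcp
1653019802.789 10.1.2.15 update.example.org 443 tcp
1653019803.001 10.1.2.22 MAIL.threewaystoharems.com 587 tcp
1653019804.222 10.1.2.15 mail.threewaystoharems.com 25 tcp
"""


def find_exfil_connections(cfg: dict, log_text: str) -> list:
    """Return every connection to the configured host. port_match marks the
    exact host:port pair from the config; other ports to the same host are
    still reported, since a rebuilt sample may submit on a different port."""
    ioc = network_iocs(cfg)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        ts, src, dst, dport, proto = fields
        if dst.lower() != ioc["host"]:
            continue
        hits.append({"ts": ts, "src": src, "dst": dst.lower(), "dport": int(dport),
                     "proto": proto, "port_match": int(dport) == ioc["port"]})
    return hits


def suricata_dns_rule(cfg: dict, sid: int = 1000001) -> str:
    """Suricata rule (5.x+ dns.query sticky buffer) for lookups of the config
    host. The sid is an assumption; pick one from your local range."""
    host = network_iocs(cfg)["host"]
    return (f'alert dns any any -> any any (msg:"AgentTesla exfil host lookup {host}"; '
            f'dns.query; content:"{host}"; nocase; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg)
    for hit in find_exfil_connections(cfg, SAMPLE_CONN_LOG):
        print(hit)
    print(suricata_dns_rule(cfg))
```

Matching on the hostname rather than a resolved IP is deliberate: mail hosts behind shared hosting change addresses, while the configured name is what the sample itself resolves.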
Targets
Target: BOQ.exe
Size: 570KB
MD5: 5a6c5c9ef15e66c42f7cc9c44214269c
SHA1: d3e1bf6693bc36a0e1649b3f4b322073fe1ab7a2
SHA256: e0f7770371bb6692870714c68bc5e4d770864d3fee263a1fc6defbca0d9d299e
SHA512: cc883176e73ad88a6feece566c49d8fc78d5fc83055faa0de067b716ce105240f2c95a5fb5d0454e699bbe4bff4922d2f0948ff3211d1860a118bc2e173f2595
Signatures
AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers and mail and FTP clients and sends them to an operator-controlled account; this sample submits over SMTP using the settings in the extracted config.
AgentTesla Payload
Accesses Microsoft Outlook profiles: reads the Outlook profile registry keys, which is where mail-account settings and stored credentials are kept.
Adds Run key to start application: persists by writing a value under a CurrentVersion\Run key so the executable is started at logon.
Suspicious use of SetThreadContext: calling SetThreadContext on a thread of another process is the API pattern used to redirect a suspended process to injected code (process hollowing / RunPE).
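The three host-side signatures above are each recognisable from an API trace: a registry write under a Run key, registry reads under the Outlook profile keys, and SetThreadContext applied to another process (which is only really alarming when it follows a suspended CreateProcess and a WriteProcessMemory against the same target). The script below is an added example, not part of the report or the sandbox: it runs those three checks over a constructed sandbox-style trace. The trace lines, their `<pid> <api> <arguments>` layout, the process IDs and the registry paths are all assumptions; the Outlook profile key format and the CREATE_SUSPENDED flag value (0x4) are standard Windows values.

```python
import re
from collections import defaultdict

# Constructed sandbox-style API trace, one call per line: <caller_pid> <api> <arguments>.
# Not taken from this report; it models the three host-side behaviours the report lists.
SAMPLE_TRACE = r"""
1804 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BOQ = C:\Users\Admin\AppData\Roaming\BOQ.exe
1804 RegOpenKeyExW HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
1804 RegQueryValueExW HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Password
1804 RegOpenKeyExW HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
1804 CreateProcessW C:\Users\Admin\AppData\Roaming\BOQ.exe flags=0x4 pid=2240
1804 WriteProcessMemory pid=2240
1804 SetThreadContext pid=2240
1804 ResumeThread pid=2240
"""

REGISTRY_SIGNATURES = [
    # (report signature name, API name pattern, registry path pattern)
    ("Adds Run key to start application",
     r"^RegSetValue", r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    ("Accesses Microsoft Outlook profiles",
     r"^Reg(OpenKey|QueryValue)",
     r"\\Software\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles\\|\\Windows Messaging Subsystem\\Profiles\\"),
]


def parse_trace(text: str) -> list:
    """Split the trace into (caller_pid, api, argument string) tuples."""
    calls = []
    for line in text.strip().splitlines():
        pid, api, args = line.split(" ", 2)
        calls.append((int(pid), api, args))
    return calls


def registry_hits(calls: list) -> list:
    hits = []
    for pid, api, args in calls:
        for name, api_re, path_re in REGISTRY_SIGNATURES:
            if re.search(api_re, api) and re.search(path_re, args, re.IGNORECASE):
                hits.append({"signature": name, "pid": pid, "api": api, "path": args})
    return hits


def thread_context_hits(calls: list) -> list:
    """SetThreadContext on a thread of another process is the report's signature.
    Each finding also records whether the RunPE/hollowing sequence (CreateProcess
    with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext) was seen against
    that target, which is what turns the API call into a confident verdict."""
    touched = defaultdict(set)   # target pid -> APIs applied to it by another process
    hits = []
    for pid, api, args in calls:
        m = re.search(r"\bpid=(\d+)", args)
        if not m:
            continue
        target = int(m.group(1))
        if target == pid:
            continue
        if api.startswith("CreateProcess"):
            flags = re.search(r"flags=0x([0-9a-fA-F]+)", args)
            if flags and int(flags.group(1), 16) & 0x4:   # CREATE_SUSPENDED
                touched[target].add("CREATE_SUSPENDED")
        else:
            touched[target].add(api)
        if api == "SetThreadContext":
            hits.append({"signature": "Suspicious use of SetThreadContext",
                         "caller": pid, "target": target,
                         "hollowing_sequence": {"CREATE_SUSPENDED", "WriteProcessMemory"} <= touched[target]})
    return hits


def run_signatures(text: str) -> dict:
    calls = parse_trace(text)
    findings = registry_hits(calls) + thread_context_hits(calls)
    return {"triggered": sorted({f["signature"] for f in findings}), "findings": findings}


if __name__ == "__main__":
    for finding in run_signatures(SAMPLE_TRACE)["findings"]:
        print(finding)
```

The Shell Folders lookup in the trace is there on purpose: it is a registry read nearly every process performs and must not trigger either registry signature, which is why the rules key on the Run and Outlook profile paths rather than on registry access in general.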