General
Target: 150ff79b8e8f3c3e3fb6e325469023a1988e56697834737bffcaf513e267833c
Size: 1.0MB
Sample: 220520-3fhstsggg3
MD5: 3dc57131508b4e8c6fa5c5c767f0c070
SHA1: da8a8b61da761a5b2ace5a85df4982133b6adce0
SHA256: 150ff79b8e8f3c3e3fb6e325469023a1988e56697834737bffcaf513e267833c
SHA512: a185912bb6ec8b5cb79e8e2cb71f095a868fc5ea5e95910e705ada2a623314927ecaf771075b8862b732f95c3c5791b57310c44b001dc0f747d05499af2422e4
Static task: static1
Behavioral task: behavioral1
Sample: Datasheet and specifications.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Datasheet and specifications.exe
Resource: win10v2004-20220414-en
Behavioral task: behavioral3
Sample: Request for Quotation for MET Group AG.exe
Resource: win7-20220414-en
Behavioral task: behavioral4
Sample: Request for Quotation for MET Group AG.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
hkn
Extracted
agenttesla
Protocol: smtp
Host: smtp.flowtech-eng.net
Port: 587
Username: [email protected]
Password: RKZtqmQ*#1
Targets
Target: Datasheet and specifications.exe
Size: 799KB
MD5: 6a8a29a1395db9c9d0dd8a00489a85c0
SHA1: 7962521b71d7222cc4aec8db1a6566b2f36653f3
SHA256: 4a21cad0d588267ebde8f8112e9d85bf355c77434beda6436cd9403a0a787c0d
SHA512: ef14b51d2950c4a5c299e00286086b5331548c1104c328c746d1dbb1735116d8b7a0cab7efd13154500d940ba635fc4d52144bfd49c0c7a1fbac69bbf6ac224b
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (POST) M2
Formbook Payload
Adds policy Run key to start application
Deletes itself
Suspicious use of SetThreadContext
Target: Request for Quotation for MET Group AG.exe
Size: 887KB
MD5: b7b5b372f5e4a1d4a93d2638b893e7e1
SHA1: 19fb6827cc70cfce92ea0e997823d4e0197bc729
SHA256: 850d2b9605dd60453e789781aac42f97222f0f1c86ed87c5daa27f38e395e2bc
SHA512: 0453280c854cef1b38abccf48ff11615c88dab7cdcc380c62dfd28d7cf9573f8134a82e8e0a5aea55d9179b7a8eb3ff51063e5a9b141a7c6707bc8dea8495c0b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext