General
- Target: dcca2b71be058054dd0b9393ab5b02a8ba569640fb96fe5d1629acccce179804
- Size: 523KB
- Sample: 220520-3pj29acbfk
- MD5: 71f0fc17c747b38fbb90c843475bb97f
- SHA1: 8d921a1a8f687b0c405d273ddffc808529e1d8a3
- SHA256: dcca2b71be058054dd0b9393ab5b02a8ba569640fb96fe5d1629acccce179804
- SHA512: a285afb604eb0bac4201483affaad3b168c56dc1bb7f286906f63bc6fca8255e00aa958ad529aa780f51d92c47bf9c52b7fa749226bd399e0327312cd536bd84
Static task: static1
Behavioral task: behavioral1
  Sample: MV NAHIDE-M EDPA REQUEST FOR SHIPYARD CALL.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: MV NAHIDE-M EDPA REQUEST FOR SHIPYARD CALL.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.federalpower.com.my
- Port: 587
- Username: [email protected]
- Password: cheazizi123!@#
Targets
- Target: MV NAHIDE-M EDPA REQUEST FOR SHIPYARD CALL.exe
- Size: 932KB
- MD5: 56f24734839645bc71d9e354413971b9
- SHA1: 0942bb2c150d8fba128ef3acbb30da6536ad178c
- SHA256: e1117b5ae3e0424b17971fcd47d27d29f26f2bd40f5f899bdabcdcfa68a57e6d
- SHA512: de39622ef6db7ada51e65d8458c2ea0b90cee790c406a6e2daa36f6db1cf5ebca2ec9914fcc82e57d54dcb8c00028a0dec814333d46413c067556ac3e9cb27dc
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext