General
- Target: 7da8366128fc796c5973bad384fbb8863bb2cbf14b4f1230acc3a395db190141
- Size: 381KB
- Sample: 220521-aj8jfadccn
- MD5: 1d663545f01c4fa53f31ee542e8f7e53
- SHA1: db0aa4ead2bbef8f5e3ebfeb702f3fe99c0e5ea1
- SHA256: 7da8366128fc796c5973bad384fbb8863bb2cbf14b4f1230acc3a395db190141
- SHA512: 944690b4efe0cd32e6a6cb0815accee66a4fdbf8ab04eddbc690bcbb01d16d4b58c0af4f065b289f7264d7acc26c0660b2dec997ca3190625e08861c6d3a4f63
Static task: static1
Behavioral task: behavioral1
- Sample: TOYO_Ms General conditio.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: TOYO_Ms General conditio.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: IZmBVEm3
Targets
- Target: TOYO_Ms General conditio.exe
- Size: 423KB
- MD5: 2e33fb697e29b12ade0ec2ab18a9abe3
- SHA1: 6e0692aa1ce8fb1d67bfffa0561fdfb2c3a35912
- SHA256: 6a304eb65d7aaf500fa186406ed9bd3f02394251010b24aec66ed92a0fd71d90
- SHA512: 5fb48596be31a72c8d7c026d7a2f275b09e086ab9241de4c6f7c114e879497aa6aa9e2460a6fae6236f0793f816372d80699d83028c7b92727b51ef96c92c543
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext