General
- Target: 384defabd1019ea4e734dd397b51659a8efb0384a0d4fe58bb3a1d6ae2ea7552
- Size: 424KB
- Sample: 220521-b2bsvsfheq
- MD5: 6246ecae009741fb1b089c4db0747a99
- SHA1: b275a18bc6ce38ba8a7f79457884a490bc06e246
- SHA256: 384defabd1019ea4e734dd397b51659a8efb0384a0d4fe58bb3a1d6ae2ea7552
- SHA512: 3345e856880ff4a87ecb7d82700a833bd684ac6ebf9c7938db1b969e6b0cf5271e783748c189b65c7e71e8f84804aea344215eb1be8687af26586b8968ae5e1d
Static task: static1
Behavioral task: behavioral1
- Sample: CTM FOR MT. WOOJIN EVELYN.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: CTM FOR MT. WOOJIN EVELYN.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: Lion@4321
Targets
- Target: CTM FOR MT. WOOJIN EVELYN.exe
- Size: 622KB
- MD5: fced44984bbe8dd9c343c21d46cb9ded
- SHA1: 8d835f1fa8f6f24e659315ebf37c3464dadd46ae
- SHA256: 852a56f32acf5fd08621425269ad1980d54d40a45a2d9ef45e535edafb078098
- SHA512: dbf4c7766d5929acc037f8c4d5dbaafe633cd1bc197ad6ccd8ef60f9fa15a43dc87a4eed99b7de384c7ca22ca88e5673fa573ac42d0144cd33e702d95ea7e73a
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext