General
-
Target
2d32807c973d629ca652f791cf01d802eca58b099fde691b4b33c7ae98cb7fb0
-
Size
711KB
-
Sample
220521-b2ff2scha6
-
MD5
b84bd1b1eef8b374710175d71318f612
-
SHA1
79cf6975c17ac2cc1490040fb7a3a8ce58a05d82
-
SHA256
2d32807c973d629ca652f791cf01d802eca58b099fde691b4b33c7ae98cb7fb0
-
SHA512
5b591701f5a1af94787b93fe81273b544c7fc5d63bed23c6d5554dd7969ba6ec6b192e6e3e0f2c6ceaf5a1b06bc2d3ab7892d583fee69bbe8d04e11cd6a37bc8
Static task
static1
Behavioral task
behavioral1
Sample
Earing sample.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Earing sample.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Order.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.megaworldcorps.com
Port: 587
Username: [email protected]
Password: UBx@@re1
Targets
-
Target
Earing sample.exe
-
Size
388KB
-
MD5
54ea8a84f32926bccd4d9371aa32a2a7
-
SHA1
38c3a0d14279074d63ccd5a4edf915d87636d365
-
SHA256
bee7335822adad100e62824cc28283de9513e8d3141752a7f52a0cbe8b2f0342
-
SHA512
b18c3187223d5ef59201d80f7e3fae59e7658b4de3e3532193c9bd5ca1758946f7a4e0a64dfaa7409c0e77b04f5419c156f874d581980fe55e34257f5f818841
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
Target
Order.exe
-
Size
406KB
-
MD5
857b36a2bf6985204266d05d96541240
-
SHA1
7ef268aeba1d647208cda6b527da08d5ea9825c5
-
SHA256
2c1988b65fec7b60932b4ecdd808c99f026ef9e6e97244b56ebbe629a22c1e4d
-
SHA512
5cd4d6704818097e838d75339ac4a8cf186bf761f21af997ab090122cc450cec985cde47f19924d26224a2948d23a7df69268ab0b999e1839205bb2a781597db
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-