General
-
Target
b6fc8ab4b264264c65a72b2d45920b62132c12056c1b40ff1a1ba78876dd0da9
-
Size
488KB
-
Sample
220521-b37a6agacn
-
MD5
cd3636f4252cbef7d4b6fb25c8dd612d
-
SHA1
741fa83f65b3bbf6d1e8756d0d10c09de892fc24
-
SHA256
b6fc8ab4b264264c65a72b2d45920b62132c12056c1b40ff1a1ba78876dd0da9
-
SHA512
f26e53966434f4078da8309da50b567bc608eaabc9a1d8990315a9fa9ecdb71e53e784a2419e6142d289575ed7d5f7ff50481a5a47b102b8d90c4cdf53764709
Static task
static1
Behavioral task
behavioral1
Sample
makaveee crypt.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
makaveee crypt.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: makaveorigin.cf
Port: 587
Username: [email protected]
Password: Spoofyou2015$
Targets
-
Target
makaveee crypt.exe
-
Size
427KB
-
MD5
5718532a656195b674af9eb00ca56d87
-
SHA1
0c8aa71adf938d492bd03a7a735a4b0e3d3f392a
-
SHA256
29c0f8725394f8b4e31cb31f6700cecd563123fa7ab9e6d78f3bd8fc962f89f7
-
SHA512
8fa410178200195445a9ba5b23732249106c717557050bfe1e44dd36a822dd45d2af390b3adaa235a7f755d25e7af544caf7d9786289735b4643df036fe4e380
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext