General

Target: 1be4b81f653a0a043c18a5507172f8a8fe30bea80a4ac8d6131853af9fe46ebb
Size: 124KB
Sample: 220521-b3922sgacq
MD5: 6a31f01180e6ba81424c680fe3a3a662
SHA1: f6785d37cb8779dd5222397719464fc65d222b5c
SHA256: 1be4b81f653a0a043c18a5507172f8a8fe30bea80a4ac8d6131853af9fe46ebb
SHA512: 1f4ae8ffc9fbd4cd04c1c1c8187eed3eba3e96596ddb6c0a0733d735d38b619b1a020d59721ebcbca2c8c9f099208f83a2cfe18e5a9c2b4c324ec73c661cd17f
Static task: static1

Behavioral task: behavioral1
Sample: 1be4b81f653a0a043c18a5507172f8a8fe30bea80a4ac8d6131853af9fe46ebb.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 1be4b81f653a0a043c18a5507172f8a8fe30bea80a4ac8d6131853af9fe46ebb.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: guloader
URL: http://jkkn.ac.in/winwin.exe_encrypted.bin

Extracted: agenttesla
Protocol: smtp
Host: smtp.qilonqchem.com
Port: 587
Username: [email protected]
Password: NUfMG!E2
Targets

Target: 1be4b81f653a0a043c18a5507172f8a8fe30bea80a4ac8d6131853af9fe46ebb
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Guloader Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext