General
- Target: 9872404dec861a257b694f7c41f7f8b54cbbbaeea302162ba5c376fe130c461e
- Size: 256KB
- Sample: 220521-cyldkaeff9
- MD5: 9c9f8cf7097e424198669caf94cb4937
- SHA1: 15866cee76cc25a94b7e11617a014b933953770d
- SHA256: 9872404dec861a257b694f7c41f7f8b54cbbbaeea302162ba5c376fe130c461e
- SHA512: 9a137ae1a4d757e803244d6867558f1f8fddc1310ba9c83a5dbc5188e429c40961074cd39e42a7df90c6b10f298e9355e81fe3855575a7130f7ad50ee61b9beb
Static task: static1
Behavioral task: behavioral1
- Sample: Shipping Document PL&BL Draft.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Shipping Document PL&BL Draft.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.flood-protection.org
- Port: 587
- Username: [email protected]
- Password: kelex2424@
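The extracted config is the sample's SMTP exfiltration channel: stolen credentials are mailed out through the listed host and port. The block below is an added example, not part of the report or of any sandbox's tooling: it turns the host and port above into a detection over Sysmon Event ID 3 (network connection) records and, going beyond the exact indicator, also flags SMTP submission on port 587 from any image that is not an allowlisted mail client. The event records, the process paths and the allowlist are constructed for the example; the username is redacted on the page and is therefore not used as an indicator.

```python
"""Match the extracted AgentTesla SMTP config against Sysmon network events.

Added example: the events and the mail-client allowlist below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable, Optional

# Indicators taken from the extracted config in the report.
C2_HOST = "mail.flood-protection.org"
C2_PORT = 587
C2_PROTOCOL = "smtp"  # informational; the port is the usable network indicator

# Assumption: only these images are expected to submit mail on 587 in this environment.
MAIL_CLIENT_ALLOWLIST = {
    r"c:\program files\microsoft office\root\office16\outlook.exe",
    r"c:\program files\mozilla thunderbird\thunderbird.exe",
}

# Constructed Sysmon records as a SIEM forwarder would emit them (EventID 3 = network connection).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\Shipping Document PL&BL Draft.exe",
     "DestinationHostname": "mail.flood-protection.org", "DestinationPort": 587, "Protocol": "tcp"},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587, "Protocol": "tcp"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\svc_update.exe",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587, "Protocol": "tcp"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "update.microsoft.com", "DestinationPort": 443, "Protocol": "tcp"},
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
]


@dataclass
class Hit:
    image: str
    destination: str
    port: int
    reason: str


def classify(event: dict) -> Optional[Hit]:
    """Return a Hit for a network event that matches the exact C2 or the generic SMTP rule."""
    if event.get("EventID") != 3:
        return None  # only network-connection events carry a destination
    image = event["Image"]
    host = str(event.get("DestinationHostname", "")).lower()
    port = int(event["DestinationPort"])
    if host == C2_HOST and port == C2_PORT:
        return Hit(image, host, port, "known AgentTesla SMTP C2 (exact IOC)")
    if port == C2_PORT and image.lower() not in MAIL_CLIENT_ALLOWLIST:
        # Generic rule: mail submission from anything that is not a mail client.
        return Hit(image, host, port, "SMTP submission from non-mail-client image")
    return None


def scan(events: Iterable[dict]) -> list[Hit]:
    """Run classify() over a stream of events and keep the hits, in input order."""
    return [h for h in (classify(e) for e in events) if h is not None]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit.reason}: {hit.image} -> {hit.destination}:{hit.port}")
```

The exact-IOC branch will stop matching as soon as the operator rotates the mail account; the port-based rule is what survives that, at the cost of maintaining the allowlist.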
Targets
Target: Shipping Document PL&BL Draft.exe
- Size: 625KB
- MD5: 64e4d4aa0542e49e9b08868b241e70db
- SHA1: 8267f4704aabcc486762b13d91e3130b4e75ba10
- SHA256: 3bae40f4ada889d55841eebf00744c945343094c081c35c146de733313d9d516
- SHA512: 47ff8f59cf1e427d7bf77950f2004b167272da31a923e6f83ffd5c75d1b7c8e8ac658f4b2ed12621cd2f14e8b654509769935d3e201e55541e221e22fd99b582
Note that the submitted sample (256KB, hashes under General) and the analysed executable (625KB, hashes above) are different files; use the SHA256 that matches the artifact you actually hold when pivoting.
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic; the SMTP config extracted above is its credential exfiltration channel.
- AgentTesla Payload
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.
- Accesses Microsoft Outlook profiles: consistent with the family's harvesting of stored mail-client credentials.
- Suspicious use of SetThreadContext: the API that redirects a suspended thread's execution, as used in process hollowing; on its own it is an indicator rather than proof, since debuggers and some legitimate runtimes call it too.
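The SetThreadContext signature above is only meaningful in sequence: create a process suspended, write a payload into it, point its primary thread at the payload with SetThreadContext, resume it. The block below is an added example, not code from the report or from any sandbox: it correlates a constructed API-call trace into that sequence per target process and distinguishes it from a debugger that calls the same API on a process it merely attached to. The trace format (caller pid, API name, pid/tid-resolved arguments) is an assumption for the example; real sandbox traces carry handles that must be resolved first.

```python
"""Correlate an API trace into the process-hollowing sequence behind the
"Suspicious use of SetThreadContext" signature.

Added example: the trace below is constructed and its record shape is assumed.
"""
from __future__ import annotations

from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# The minimal hollowing sequence; NtUnmapViewOfSection is common but optional.
HOLLOWING_SEQUENCE = ["create_suspended", "write", "set_context", "resume"]

# Constructed trace: (caller pid, API, arguments). Records 1-6 are pid 1234 hollowing a
# new notepad.exe (pid 5678); records 7-8 are a debugger (pid 4321) rewriting a thread
# context of a process it attached to, which uses the same API without hollowing.
SAMPLE_TRACE = [
    (1234, "CreateProcessW", {"lpApplicationName": r"C:\Windows\System32\notepad.exe",
                              "dwCreationFlags": 0x4, "dwProcessId": 5678, "dwThreadId": 5680}),
    (1234, "NtUnmapViewOfSection", {"pid": 5678}),
    (1234, "VirtualAllocEx", {"pid": 5678, "size": 0x9C000}),  # noise the correlator ignores
    (1234, "WriteProcessMemory", {"pid": 5678, "size": 0x9C000}),
    (1234, "SetThreadContext", {"tid": 5680}),
    (1234, "ResumeThread", {"tid": 5680}),
    (4321, "SetThreadContext", {"tid": 777, "pid": 999}),
    (4321, "ResumeThread", {"tid": 777, "pid": 999}),
]


def in_order(steps, required) -> bool:
    """True if every item of `required` occurs in `steps` in that order (subsequence test)."""
    it = iter(steps)
    return all(any(s == r for s in it) for r in required)


@dataclass
class TargetState:
    """Ordered list of hollowing-relevant steps observed against one target process."""
    steps: list[str] = field(default_factory=list)

    def is_hollowing(self) -> bool:
        return in_order(self.steps, HOLLOWING_SEQUENCE)


def analyse(trace) -> dict[int, TargetState]:
    """Return per-target-pid state for every process another process operated on."""
    states: dict[int, TargetState] = {}
    thread_owner: dict[int, int] = {}  # tid -> pid, learned from CreateProcess results

    def target_pid(args):
        # Thread-only calls are resolved to the owning pid; fall back to an explicit pid.
        return thread_owner.get(args.get("tid"), args.get("pid"))

    for caller, api, args in trace:
        if api in ("CreateProcessW", "CreateProcessA"):
            pid = args["dwProcessId"]
            thread_owner[args["dwThreadId"]] = pid
            if args["dwCreationFlags"] & CREATE_SUSPENDED:
                states.setdefault(pid, TargetState()).steps.append("create_suspended")
        elif api == "NtUnmapViewOfSection":
            states.setdefault(args["pid"], TargetState()).steps.append("unmap")
        elif api == "WriteProcessMemory":
            states.setdefault(args["pid"], TargetState()).steps.append("write")
        elif api in ("SetThreadContext", "ResumeThread"):
            pid = target_pid(args)
            if pid is not None and pid != caller:  # editing one's own threads is not injection
                step = "set_context" if api == "SetThreadContext" else "resume"
                states.setdefault(pid, TargetState()).steps.append(step)
    return states


def hollowed_pids(trace) -> list[int]:
    """Pids whose observed steps contain the full hollowing sequence, in order."""
    return sorted(pid for pid, st in analyse(trace).items() if st.is_hollowing())


if __name__ == "__main__":
    for pid, st in analyse(SAMPLE_TRACE).items():
        print(pid, st.steps, "HOLLOWING" if st.is_hollowing() else "benign")
```

Requiring the steps in order, rather than as a set, is what keeps the debugger case benign: pid 999 sees set_context and resume but never a suspended creation or a memory write.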