General
-
Target
1af00abb9629bb4bfd45b1f7994883add919e5d120d8844ab422e19cf3dfd770
-
Size
382KB
-
Sample
220521-dx5w9agec7
-
MD5
659fdfbe376f6463228d7e5913e5fef9
-
SHA1
e44550931c9a0c08201f38b23579699e6bc9c7c3
-
SHA256
1af00abb9629bb4bfd45b1f7994883add919e5d120d8844ab422e19cf3dfd770
-
SHA512
deeb86ad76507ad4075d6c76227d4d31dc7322b6aa4947e8a7f0df0887e6a6e8c702b38296af046294f024f148f5448881ba1047ed5f3d8070b75574db71d504
Static task
static1
Behavioral task
behavioral1
Sample
Cables Demand.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Cables Demand.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: solomon12345$$$1
Targets
-
Target
Cables Demand.exe
-
Size
416KB
-
MD5
a6353cb228c5035a9ef68d475da91fe7
-
SHA1
e3e70404c00beaa1185c50c49f3abf84ce9d887c
-
SHA256
b977389b487ea178bc1ce4448a2a67c5f0a5d327a6c9500308574aa9945901df
-
SHA512
31ed5cc5a9c1214baf69fdd29220ba0be0eb9ab8866041a6256f8e12eead7f7a16f846e923485417bd5cbf318a7d1bd8431ab6f682bccdb775e0d34bdb12c154
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles