General
Target: 4a2a1daa1760a7423f2b755dea3b32ccb7efc5a4b3ddd866f1de2eafcbf7c9d0
Size: 843KB
Sample: 220521-ebyfqacbfn
MD5: d2a4fe5fcdba15677f2a71fe64d60931
SHA1: 420c85280098e08c719ec0addcde33e9b893f893
SHA256: 4a2a1daa1760a7423f2b755dea3b32ccb7efc5a4b3ddd866f1de2eafcbf7c9d0
SHA512: 7dc346df46e38208cf0adf2579cd51cdb7ed57bc55bc0127a412708761918809c84c253aa2b135bbf4a69710c59cf68922fddfc11ea3ea624c096162cfb21bfe
Static task
static1

Behavioral task
behavioral1
Sample: promise cripted.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: promise cripted.exe
Resource: win10v2004-20220414-en

Behavioral task
behavioral3
Sample: promisecrypted.exe
Resource: win7-20220414-en

Behavioral task
behavioral4
Sample: promisecrypted.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted (family: agenttesla)
Protocol: smtp
Host: mail.insooryaexpresscargo.com
Port: 587
Username: [email protected]
Password: GuG5GK(3m7*Z

Extracted
Protocol: smtp
Host: mail.insooryaexpresscargo.com
Port: 587
Username: [email protected]
Password: GuG5GK(3m7*Z
Targets

Target: promise cripted.exe
Size: 459KB
MD5: 5e5769b61d855338e115f91ec350d27d
SHA1: a0a32e969872a3548a171abe78223d2b44061ff3
SHA256: 21d19ba98de8b710605e144809cae73bc3b7606cfc49e995a267cf44e4c2638f
SHA512: b913b5ffedcab3db0bae22127ee6e8aab511327ebe9562ec47392af9b4c5dd9b13230b83ad8c82e5cad2bc27f1e20e27bc804ef87c9dda6f2403ee8ea3faa4fe

Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
Target: promisecrypted.exe
Size: 691KB
MD5: 47bb488aeb3ce0e005ac5e1a9d57bfda
SHA1: 63d44c1fb00ec4910d9ad95cc15daf6e86ed3cdd
SHA256: 85f9449b3bf138291017bff513ccc66cdbbb81478098149bf6ddaf44410c235e
SHA512: f1426c35ec3f265d028e4f70867f4e62b95b39842abbd7ca8cae395fec34de27ce9d58849f7a4a8f6acfa4aeb7fe3abf643eeb9e5a8c1c9139940f2be91b2169

Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext