General
-
Target
7d08714511882a06fd8d75e4ebe1410e459709f86ced54613f63c41f92842bf2
-
Size
358KB
-
Sample
220521-ex3bsschhj
-
MD5
1f8faa3d08e763beef33bc361b70f204
-
SHA1
9f2bf851d7dc5c36b4e9adaca7549c3d0c086a57
-
SHA256
7d08714511882a06fd8d75e4ebe1410e459709f86ced54613f63c41f92842bf2
-
SHA512
57bfbbe34dffcbea040c4f9f8001dddbbeac02e482967cdd8d6c3b6bca26533e3c7b8271aba758612690c40f2eb5d33ae21eff0272675e5062c2d75af2cd826a
Static task
static1
Behavioral task
behavioral1
Sample
M?u s?n ph?m.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
M?u s?n ph?m.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chosen@@@123
Targets
-
Target
M?u s?n ph?m.exe
-
Size
432KB
-
MD5
4242ea562d08c84e8db284c9b3012c91
-
SHA1
229ef54b5349c4c063a8e69a028281d5312c3a7d
-
SHA256
935a6770543edd37e4ecf3dd41f5b99ac4b6ecbadc1ad195b6080f677c506cd3
-
SHA512
4f104f59f83fe9bf5c7a856c8e778d025b0ae345f6c66d7eb4bfd88724096ee9508e7ffb50f4a6af2ba13e60a16155189e9b89daaa4e3aaf3f71b9f1a3bb258a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles