General
Target: PO fcl 20'HOC0039119xlx.exe
Size: 886KB
Sample: 220521-jy32yaeccl
MD5: eb47bbd112cece167cfde57fbf70c2d9
SHA1: cd34c36c3b2c35d68ad6ae4db4ca47286d50915f
SHA256: 740cdbd68d1d3705021e8b857f177c39938aa485f561ec1c208264d7d4ee5927
SHA512: 0c5c2ad6f1c3d3496126a1b418e9afcf28d846ed2506175e19a84a1cb48d228d2bf692db129ce778a4b3102216da133af0bc8712c6e758a6624f85dd5bc7cf57
Static task: static1
Behavioral task: behavioral1
Sample: PO fcl 20'HOC0039119xlx.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO fcl 20'HOC0039119xlx.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.topfrozenfoodbrand.com
Port: 587
Username: [email protected]
Password: Everest10purch
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.topfrozenfoodbrand.com
Port: 587
Username: [email protected]
Password: Everest10purch
Email To: [email protected]
Targets
Target: PO fcl 20'HOC0039119xlx.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext