General
-
Target
d2df51d823b8a4ae5fa8b362cbe3bc2e2233801393bf05a6febdefe805bb58a2
-
Size
575KB
-
Sample
220521-n5l48ahgfp
-
MD5
9cadf5babd2e8241b04a0909370b3923
-
SHA1
576d0a0d08af82bd9fe7ae8634a64bf4ab418db0
-
SHA256
d2df51d823b8a4ae5fa8b362cbe3bc2e2233801393bf05a6febdefe805bb58a2
-
SHA512
a76ca83d754f9ab58f852a4904437f882053906708d8716c424d032f8fc57e5351e3e982ce95cc0b7adb07eaa86759c7a721d1f204d62158e2ec8a0603942200
Static task
static1
Behavioral task
behavioral1
Sample
MV- NAHIDE-M.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
MV- NAHIDE-M.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.shivanilocks.com
Port: 587
Username: [email protected]
Password: rqa4@slpl
Targets
-
-
Target
MV- NAHIDE-M.exe
-
Size
796KB
-
MD5
849952b5a2e2e9d5e3511faee9500d61
-
SHA1
5f31d56b0f1ec4e60471ddbf9395a8371c03e00e
-
SHA256
6c2107e074b01aec557d9b1ffeca08ab7ab34beb8c6dce3a65f6e2348fc5501e
-
SHA512
5674a814fd1cf78ce1245a01879c0fc1a0ab336115c3b645c5311bb47ff9335cfaacc3c256726bc2c0d2e8cbe1a8a94d5d50e2c95aceafda732fd0fc21b93a9b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-