General
Target: b3d345c8b3c9fbd8dd75dfe373beeca27c63aab4d3778ef6dc1e2167b89d6f80
Size: 271KB
Sample: 220521-n5xwqahghl
MD5: ea0549838ca694514ba3d5222ebbafea
SHA1: 544f62060683807a459e8a9ad181410687e13833
SHA256: b3d345c8b3c9fbd8dd75dfe373beeca27c63aab4d3778ef6dc1e2167b89d6f80
SHA512: 08bc30de96f17374bbbe46bb8f6e0bf6edcd9f2ea2ed662b749a34ad77a5b9f024a98aec06fb7fab9bf4cb04ac0d1c60c0a7cd758acba86fb9c776cdcd0a3c76
Static task: static1
Behavioral task: behavioral1
  Sample: EMD2343.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: EMD2343.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.flood-protection.org
Port: 587
Username: [email protected]
Password: emmydon2424@
Targets
Target: EMD2343.exe
Size: 648KB
MD5: b73a5278882483017c5b3b40b2979e15
SHA1: 716441708ae9146c1f79681c7c83dd8b3ea197b6
SHA256: e15aa7c26008b8fe0d0a18be659ac958c5012837bce4d30d39f82848e73e4444
SHA512: 9b444a177def9d7d8e4f3d88eac3cab25c42f0ca1a49e94c55030c3ebf8b3d6e9364a00d49ef94af79c649ee0c1e4701211d9d5a2a575d1db4a9c6d6b005c196
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext