General
-
Target
3bfaa6286d8fbef05f151d5187b10b0d1db59112e36da9240e240c28a143b624
-
Size
868KB
-
Sample
220521-n91s6saahj
-
MD5
2ee1b13c5fda8793a1e49f301dbbc0d2
-
SHA1
14e6c23aadeaaadcd730d1fa360f0e27940f0184
-
SHA256
3bfaa6286d8fbef05f151d5187b10b0d1db59112e36da9240e240c28a143b624
-
SHA512
493d0b189220b7a1f1b1b5e828ef809c39f0436f45ee6bd5ae5e318b130c5881264ab1c12f3292af7ecdcb11ce10a1183be69541a2592fcfe8183c6b22693a75
Static task
static1
Behavioral task
behavioral1
Sample
3bfaa6286d8fbef05f151d5187b10b0d1db59112e36da9240e240c28a143b624.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3bfaa6286d8fbef05f151d5187b10b0d1db59112e36da9240e240c28a143b624.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.flockmail.com
- Port: 587
- Username: info@jar2law.online
- Password: Kclove9090@
Targets
-
Target
3bfaa6286d8fbef05f151d5187b10b0d1db59112e36da9240e240c28a143b624
-
Size
868KB
-
MD5
2ee1b13c5fda8793a1e49f301dbbc0d2
-
SHA1
14e6c23aadeaaadcd730d1fa360f0e27940f0184
-
SHA256
3bfaa6286d8fbef05f151d5187b10b0d1db59112e36da9240e240c28a143b624
-
SHA512
493d0b189220b7a1f1b1b5e828ef809c39f0436f45ee6bd5ae5e318b130c5881264ab1c12f3292af7ecdcb11ce10a1183be69541a2592fcfe8183c6b22693a75
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-