General
Target: 3de0d0bd30378e7cb766acb922d5301f70f0b1decb179a615dd0b2122e9c30cf
Size: 225KB
Sample: 220521-n9c24saaer
MD5: 7c6173e0d05074baaac91acbbe1f5e5a
SHA1: 4595972a500852eb05a70c6a49235f9e3e1df2e7
SHA256: 3de0d0bd30378e7cb766acb922d5301f70f0b1decb179a615dd0b2122e9c30cf
SHA512: acff8523840ab5c99fc4ad38698cfe4ac58519eee1379848af1529b43dbdbd93da82e669f9b9bb820af311e9664191f27b303ea9b2f6506aef65be6533ed021f
Static task: static1
Behavioral task: behavioral1
Sample: PO374784_2020-05-14_02-36.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO374784_2020-05-14_02-36.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.spamora.net
Port: 587
Username: dada@rnedisilk.org
Password: dada123456
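The extracted SMTP configuration is the most actionable part of this report: it names the mail server, port and account the sample uses to exfiltrate stolen data. The Python below is an added example for this page, not code from the sandbox or from the malware. It turns the extracted values into the forms they take on the wire (base64 tokens of SMTP AUTH LOGIN per RFC 4954 and AUTH PLAIN per RFC 4616) and checks a constructed SMTP session for them; the session lines are made up to match that shape and are not a capture from this sample.

```python
"""Build network indicators from the SMTP exfiltration config extracted
from this Agent Tesla sample and scan SMTP session lines for them.

Added example for this report; it is not code from the sandbox or the
malware.  Assumptions: credentials appear on the wire as base64 in
SMTP AUTH LOGIN (RFC 4954) or AUTH PLAIN (RFC 4616), and the session
lines below are constructed, not captured from the sample.
"""
import base64

# Values copied verbatim from the report's "Malware Config" block.
EXTRACTED_CONFIG = {
    "protocol": "smtp",
    "host": "mail.spamora.net",
    "port": 587,
    "username": "dada@rnedisilk.org",
    "password": "dada123456",
}


def auth_tokens(cfg):
    """Base64 forms the credentials take in SMTP authentication.

    AUTH LOGIN sends username and password as two separate base64
    lines; AUTH PLAIN sends one base64 line of "\\0user\\0pass".
    """
    user = cfg["username"].encode()
    password = cfg["password"].encode()
    return {
        "login_user": base64.b64encode(user).decode(),
        "login_pass": base64.b64encode(password).decode(),
        "plain": base64.b64encode(b"\x00" + user + b"\x00" + password).decode(),
    }


def indicators(cfg):
    """Flat indicator set a hunter can drop into log searches."""
    return {
        "smtp_host": cfg["host"],
        "smtp_endpoint": f"{cfg['host']}:{cfg['port']}",
        "exfil_mailbox": cfg["username"],
        **auth_tokens(cfg),
    }


def find_exfil(lines, cfg):
    """Return (line_number, reason) for SMTP session lines that match
    this sample's indicators.  The password token on its own is not
    matched: "dada123456" is generic enough to cause false positives."""
    ind = indicators(cfg)
    hits = []
    for number, line in enumerate(lines, start=1):
        if ind["smtp_host"] in line:
            hits.append((number, "exfil host"))
        elif ind["login_user"] in line or ind["plain"] in line:
            hits.append((number, "exfil credential"))
        elif ind["exfil_mailbox"] in line:
            hits.append((number, "exfil mailbox"))
    return hits


# Constructed client/server exchange in the shape an unencrypted
# AUTH LOGIN session would have (not a capture from this sample).
SAMPLE_SESSION = [
    "220 mail.spamora.net ESMTP ready",
    "EHLO VICTIM-PC",
    "AUTH LOGIN",
    "ZGFkYUBybmVkaXNpbGsub3Jn",   # base64("dada@rnedisilk.org")
    "ZGFkYTEyMzQ1Ng==",           # base64("dada123456")
    "235 2.7.0 Authentication successful",
    "MAIL FROM:<dada@rnedisilk.org>",
    "RCPT TO:<dada@rnedisilk.org>",
    "DATA",
]

if __name__ == "__main__":
    for key, value in indicators(EXTRACTED_CONFIG).items():
        print(f"{key}: {value}")
    for number, reason in find_exfil(SAMPLE_SESSION, EXTRACTED_CONFIG):
        print(f"line {number}: {reason}")
```

One caveat when hunting with these tokens: port 587 submission is normally upgraded with STARTTLS, so the AUTH lines and envelope are only visible in cleartext if the client never negotiates TLS or if a proxy terminates it. The host name stays visible regardless, in DNS queries and in the TLS SNI, so mail.spamora.net is the indicator to search first.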
Targets
Target: PO374784_2020-05-14_02-36.exe
Size: 251KB
MD5: 542bc8a3df6efaaf3195afab17d060a7
SHA1: bca30ecd4f3bdcf275bc5e70ae1720c82e382bba
SHA256: ea8e9239046f61435debbb3f3905634158e2fedeed56e63e4311d96f1c419c84
SHA512: 701eaef8040d4b74747f41f721220e927a9abd4752e8934143ada82c62b61620b7417315568087255b54e65a2b05c01a044b92846f1c5b0bc419e87574af4896
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), typically written in Visual Basic .NET. It harvests stored credentials from browsers, mail clients and other applications and exfiltrates them; this sample is configured to do so over SMTP using the mail server and account listed under Malware Config.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Outlook profile data in the registry holds mail account settings and saved credentials, so reading it is consistent with Agent Tesla's credential harvesting.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is a common step in process hollowing, where a suspended host process is overwritten with an injected payload and its entry point redirected; in a packed Agent Tesla sample this typically marks the unpacker handing execution to the real payload.