General
- Target: 6b64d50e4cdd9324e9ebba004b4b923d88bc82d9161b92c6113ee80034559951
- Size: 380KB
- Sample: 220521-nhdjkaghcn
- MD5: be90593cf28df43f782c2c664a166a29
- SHA1: cb19d004621fcad1567e59cd66f6e39595a0c947
- SHA256: 6b64d50e4cdd9324e9ebba004b4b923d88bc82d9161b92c6113ee80034559951
- SHA512: 4a882f71e5455ca72731d6fc335ffcf5448892448b8aa63178a7ab1f547209af6bc5823c9414670eecc32e0a6c46dbebc022873bc4ceffed15aeb8141b6922db
Static task: static1
Behavioral task: behavioral1
- Sample: ENQUIRY FOR GROUND LIGHT.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ENQUIRY FOR GROUND LIGHT.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted (family: agenttesla)
- Protocol: smtp
- Host: mail.drngetu.co.za
- Port: 587
- Username: cso@drngetu.co.za
- Password: WNFpR3FOMJ@6
This is the mailbox the sample authenticates to in order to send stolen data, so host, port and account name are the actionable network indicators. Such accounts are often hosted on a compromised third-party mail server rather than attacker-registered infrastructure, so check who owns the domain before blocking it wholesale.
Targets
- Target: ENQUIRY FOR GROUND LIGHT.exe
- Size: 428KB
- MD5: 771faddf9ed0dafb008704e0364778b2
- SHA1: 1f3285e5a0c7d879b043650e59ed56e2567e6fa5
- SHA256: 26b0c60003a6b8c46327c68cffd48e719ae1cfffe87d119dbec59e14d23a1ab8
- SHA512: 2b78826737492a884faaedd04807e528e9da2c779b230470c97ff4b66e1c342bda46189230710c09df1d94019b35575cdded31b9bc3bfac35f748de9919c7505
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, usually compiled from Visual Basic .NET, that harvests saved credentials and keystrokes and sends them to an attacker-controlled mailbox or server (over SMTP in this sample).
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (Outlook profile data stores saved mail account credentials, a standard AgentTesla theft target)
- Adds Run key to start application (persistence through a Windows CurrentVersion\Run registry value)
- Suspicious use of SetThreadContext (a pattern commonly seen when a loader injects its payload into another process, e.g. process hollowing)
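The indicators above (the sample hashes, the SMTP exfiltration host, port and account from the extracted config, and the Run-key persistence signature) are only useful if they are swept against telemetry. The following is an added example, not part of the sandbox report, that turns them into a small detection pass over EDR-style events. The key=value log format, the event type names (file, net, smtp, reg) and the Run-key value name and path in the constructed sample log are assumptions; the hashes, host, port and account are copied from the report.

```python
"""Sweep host/network telemetry for the AgentTesla indicators in the report.

Added example; the log format and field names are assumed, not a real
product's schema.  Indicator values are taken from the report above.
"""
import re
from dataclasses import dataclass

# Indicators copied from the report.
SAMPLE_HASHES = {
    "be90593cf28df43f782c2c664a166a29",                                  # MD5, submitted file
    "771faddf9ed0dafb008704e0364778b2",                                  # MD5, ENQUIRY FOR GROUND LIGHT.exe
    "cb19d004621fcad1567e59cd66f6e39595a0c947",                          # SHA1, submitted file
    "1f3285e5a0c7d879b043650e59ed56e2567e6fa5",                          # SHA1, exe
    "6b64d50e4cdd9324e9ebba004b4b923d88bc82d9161b92c6113ee80034559951",  # SHA256, submitted file
    "26b0c60003a6b8c46327c68cffd48e719ae1cfffe87d119dbec59e14d23a1ab8",  # SHA256, exe
}
EXFIL_HOST = "mail.drngetu.co.za"
EXFIL_PORT = "587"
EXFIL_USER = "cso@drngetu.co.za"
# Matches both HKCU and HKLM Run keys (RunOnce deliberately excluded).
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"

# Assumed telemetry format: space-separated key=value pairs; values
# containing spaces are double-quoted.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Parse one key=value event line into a dict with lower-cased keys."""
    return {k.lower(): v.strip('"') for k, v in _KV.findall(line)}


@dataclass(frozen=True)
class Hit:
    lineno: int
    rule: str
    detail: str


def check(fields):
    """Return (rule, detail) if the event matches a report indicator, else None."""
    kind = fields.get("type")
    if kind == "file":
        # Hash match against any of the report's digests, case-insensitive.
        for algo in ("md5", "sha1", "sha256"):
            digest = fields.get(algo, "").lower()
            if digest in SAMPLE_HASHES:
                return ("sample_hash", f"{algo}={digest}")
    elif kind == "net":
        # Any connection to the exfil host is interesting; the configured
        # port raises confidence, another port is still worth a look.
        if fields.get("dst", "").lower() == EXFIL_HOST:
            port = fields.get("dport", "?")
            rule = "smtp_exfil" if port == EXFIL_PORT else "smtp_exfil_other_port"
            return (rule, f'{fields.get("proc", "?")} -> {EXFIL_HOST}:{port}')
    elif kind == "smtp":
        # Mail-gateway auth log: the stolen-data mailbox being logged into.
        if fields.get("user", "").lower() == EXFIL_USER:
            return ("exfil_mailbox_auth", f"auth as {EXFIL_USER}")
    elif kind == "reg":
        # "Adds Run key to start application": only writes count, not reads.
        key = fields.get("key", "").lower()
        if fields.get("op") == "set" and key.endswith(RUN_KEY_SUFFIX):
            return ("run_key_persistence",
                    f'{fields.get("value", "?")} = {fields.get("data", "?")}')
    return None


def sweep(lines):
    """Run check() over every non-empty event line; return the hits in order."""
    hits = []
    for n, line in enumerate(lines, 1):
        if line.strip():
            result = check(parse(line))
            if result:
                hits.append(Hit(n, *result))
    return hits


# Constructed sample telemetry (not from the report).  The Run value name
# and dropped path are invented for illustration; the benign lines show
# that ordinary Outlook traffic and Run-key reads do not fire.
SAMPLE_LOG = r"""
type=file proc="ENQUIRY FOR GROUND LIGHT.exe" sha256=26b0c60003a6b8c46327c68cffd48e719ae1cfffe87d119dbec59e14d23a1ab8
type=reg proc="ENQUIRY FOR GROUND LIGHT.exe" op=set key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=Updater data="C:\Users\user\AppData\Roaming\Updater.exe"
type=net proc="ENQUIRY FOR GROUND LIGHT.exe" dst=mail.drngetu.co.za dport=587 proto=tcp
type=net proc=outlook.exe dst=outlook.office365.com dport=443 proto=tcp
type=smtp user=cso@drngetu.co.za result=ok
type=reg proc=explorer.exe op=query key=HKLM\Software\Microsoft\Windows\CurrentVersion\Run
type=file proc=notepad.exe sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
""".strip().splitlines()


if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(f"line {hit.lineno}: {hit.rule}: {hit.detail}")
```

Run as a script it reports four hits (hash, Run-key write, SMTP connection, mailbox login) and stays silent on the two benign lines. The hash and mailbox rules are exact-match and will not survive a recompiled sample or a rotated account; the host and the Run-key write are the more durable of the four, which is why the network rule still fires, at lower confidence, when the port differs from the configured 587.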