General
Target: edb58c575c8065f8aa5669e9e5d51d3468e39374a1dd175f2c7ac3d93d1c9835
Size: 312KB
Sample: 220521-nym3yahdgk
MD5: 4f65bd097709bf280283d94831e44254
SHA1: c0efa28aa9c29fee547940eb929a62610b2cdb05
SHA256: edb58c575c8065f8aa5669e9e5d51d3468e39374a1dd175f2c7ac3d93d1c9835
SHA512: df9347e81c5e0a3fbf96684fd2c6b364dd138e13f604d1005a9b524927bf54c7b2c286e506ce1fd0961dca5aa80bd09531ea246167dbf944a1f77e2d2e70a4d3
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase-Order 2750mm.htmll.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Purchase-Order 2750mm.htmll.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hanovredisplays.com
Port: 587
Username: msg@hanovredisplays.com
Password: onegod5050()
These are the SMTP submission credentials the sample uses to mail harvested data out; the mailbox is the attacker's drop, so the host and account are the network indicators to block and hunt on, and the password should be masked before the record is shared.
Targets
Target: Purchase-Order 2750mm.htmll.exe (note the double extension: the name mimics an HTML document, but the file is an executable)
Size: 353KB
MD5: 29a7fb76f9d2d812e18438707444c239
SHA1: 609d4bd371b69d4fea3a05c7bf7e9b8c648b67c0
SHA256: 5cc2a951232a8a7907e38e9b77226b20d465bb2961d483c5c26f915ea94b3c4b
SHA512: e4ea5ef9fb67a6d3d875a21adac6499c91923c151bda04e3c7d15e192ce16e01fd408e44de75414995625ae3ff6275ce1bc6ebb392c2ed273014703f09fa5580
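The two things an analyst does with a report like this are turn the extracted config into indicators and confirm that the sample in hand is the one the report describes. The following is an added example written for this page (not the sandbox's or Agent Tesla's own code): it parses the flattened "Malware Config" text exactly as rendered above, builds a shareable record with the mailbox password masked, scans a constructed outbound-connection log for traffic to the exfil host, and checks a file's hashes against the ones listed for the dropped executable. The log lines and the empty-file hash check are constructed inputs, not data from the report.

```python
"""Normalise an AgentTesla sandbox report into checkable IOCs (added example)."""
import hashlib
import re

# Constructed input: the "Malware Config" block exactly as the report page
# flattens it (values run onto the next line, separated by stray " - ").
RAW_CONFIG = """Protocol: smtp- Host:
mail.hanovredisplays.com - Port:
587 - Username:
msg@hanovredisplays.com - Password:
onegod5050()"""

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")
_KEY_RE = re.compile(r"(%s):\s*" % "|".join(CONFIG_KEYS))


def parse_agenttesla_config(raw: str) -> dict:
    """Parse the flattened key/value text into a dict (port as int)."""
    flat = " ".join(line.strip() for line in raw.splitlines())
    parts = _KEY_RE.split(flat)      # ['', 'Protocol', 'smtp- ', 'Host', ...]
    keys, values = parts[1::2], parts[2::2]
    cfg = {}
    for i, (key, value) in enumerate(zip(keys, values)):
        value = value.strip()
        # Every value but the last carries the page's " -" list separator.
        # Strip it only there, so a password that really ends in "-" survives.
        if i < len(values) - 1:
            value = re.sub(r"\s*-$", "", value)
        cfg[key.lower()] = value
    cfg["port"] = int(cfg["port"])
    return cfg


def shareable_record(cfg: dict) -> dict:
    """Exfil endpoint for blocking/hunting, with the mailbox password masked so
    the record can go into a ticket without re-publishing live credentials."""
    pw = cfg["password"]
    return {
        "protocol": cfg["protocol"],
        "dest": f"{cfg['host']}:{cfg['port']}",
        "account": cfg["username"],
        "password": pw[:2] + "*" * (len(pw) - 2),
    }


# Constructed outbound-connection log (ts src dst dport proto), not from the page.
SAMPLE_LOG = """\
2022-05-21T10:00:01Z 10.0.0.5 mail.hanovredisplays.com 587 tcp
2022-05-21T10:00:02Z 10.0.0.5 smtp.office365.com 587 tcp
2022-05-21T10:00:03Z 10.0.0.7 mail.hanovredisplays.com 25 tcp
"""


def find_exfil_connections(log: str, cfg: dict) -> list:
    """Flag connections to the configured exfil host. The port is reported but
    not required to match: builds vary it, and any traffic to the attacker's
    mail server is worth triage."""
    hits = []
    for line in log.splitlines():
        ts, src, dst, dport, _proto = line.split()
        if dst.lower() == cfg["host"].lower():
            hits.append({"ts": ts, "src": src, "dport": int(dport),
                         "port_matches": int(dport) == cfg["port"]})
    return hits


# Hashes the report lists for the dropped executable.
REPORT_HASHES = {
    "md5": "29a7fb76f9d2d812e18438707444c239",
    "sha1": "609d4bd371b69d4fea3a05c7bf7e9b8c648b67c0",
    "sha256": "5cc2a951232a8a7907e38e9b77226b20d465bb2961d483c5c26f915ea94b3c4b",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes in hand, keyed like the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, report: dict) -> bool:
    """True only if every hash the report lists agrees with the bytes in hand,
    so a sample pulled from a share is confirmed before analysis starts."""
    got = file_hashes(data)
    return all(got[alg] == digest.lower() for alg, digest in report.items())


if __name__ == "__main__":
    cfg = parse_agenttesla_config(RAW_CONFIG)
    print(shareable_record(cfg))
    for hit in find_exfil_connections(SAMPLE_LOG, cfg):
        print(hit)
```

Matching on the host alone rather than host:port is deliberate: the report gives 587, but the same drop mailbox can be reused by other builds on 25 or 465, and a hit on the host is what you want to see in the queue.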
Signatures
AgentTesla: Agent Tesla is a .NET (Visual Basic) remote access tool (RAT) and information stealer; its builds exfiltrate harvested credentials over SMTP, FTP or HTTP, which is why the sandbox could recover an SMTP account from this sample.
AgentTesla Payload
Accesses Microsoft Outlook profiles: the sample reads stored mail-client account settings, the credential-harvesting step that feeds the exfiltration above.
Suspicious use of SetThreadContext: a thread-context rewrite in a freshly created process, the usual tell for process hollowing/injection used to run the unpacked payload.