General
Target
e8e78e9e5f6cef4d8d68f6aa53923c1d899bd7ad0f1094c2257e68c595a91bfe
Size
239KB
Sample
220521-nytwgsecg9
MD5
2b01988b09db04abdbd45ef82f4eef6a
SHA1
77b870496107edb916f78e83538a932047a044a9
SHA256
e8e78e9e5f6cef4d8d68f6aa53923c1d899bd7ad0f1094c2257e68c595a91bfe
SHA512
78f00c66ce3a51d7e13eb13f58e6960d5ac75488b44dd86be26325c721832777f9131246f9364bb1bc88c89272287e95d11a43ae898d058f55202a19e7f97f5e
Static task
static1
Behavioral task
behavioral1
Sample
chusmoni.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
chusmoni.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.lallyautomobiles.net
Port: 587
Username: partsshimla@lallyautomobiles.net
Password: HondaNew@2015
Targets
Target
chusmoni.exe
Size
333KB
MD5
43ab1e4d8499507ba762ed516b3c46f5
SHA1
dbb84608528fff3bbe56592d9385c22019cdf663
SHA256
c17b7612a5cd7b21ca202a966406d24d7d42047f13ba6254c5ea284d7d4fc764
SHA512
28572516a323404a3e1f44d9b57487607e0fdb598358f156023a77818128355b159103664ed449e1bf6d3f75aca27a68e9117a2f8d802b578483312bc2e81bb0
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Suspicious use of SetThreadContext