General
-
Target
e2a7702dd3c5b857f52bff7266c66af153cd4a2b225c568afc19acb58a22ba25
-
Size
421KB
-
Sample
220521-nyy57shdhk
-
MD5
987c39e404770061c4d6df4b2802dde0
-
SHA1
ca39a153c9d87adc0195801e961a396948fa433d
-
SHA256
e2a7702dd3c5b857f52bff7266c66af153cd4a2b225c568afc19acb58a22ba25
-
SHA512
6caebc2df56043191ef9cde0323d2164c082db0ad07e044d1cc06a848f94add5212f8268ecb80e4bb4354710bd604c53d4aff534067a8e5e329dc9dc86a2f900
Static task
static1
Behavioral task
behavioral1
Sample
Crypted chidubem.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Crypted chidubem.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ggdbandas.com
Port: 587
Username: anaberta.santander@ggdbandas.com
Password: Anita.2018
Targets
-
-
Target
Crypted chidubem.exe
-
Size
499KB
-
MD5
bd90b937f05109eca2c51d7c4f1bf35f
-
SHA1
3b97193151af016a51b712590bb6c1d796581300
-
SHA256
35d8fbdb864d9104dd1a9f05fe522b27bb6d278ea993a7863b298b66df06636b
-
SHA512
a3105130104e7cb061d2da7996bc16faf7247fca48ecbbffbba67a9b6d96c1cdd42614c833d7f1ccbade5c9af211c01f3f6f7fc535a315f6202299b5f82f2ef7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-