General
-
Target
43fbe0490d41f9ed4c0fef5e9e403cd2c27ba2cd21371c459d9938c613ebad5f
-
Size
304KB
-
Sample
220521-nzllhahecq
-
MD5
e72bce33ae4a096f684e38c278c5d9ec
-
SHA1
260c31beff4d2740d040fb67fbedf5767e367e14
-
SHA256
43fbe0490d41f9ed4c0fef5e9e403cd2c27ba2cd21371c459d9938c613ebad5f
-
SHA512
c168fe71aa396ac56afd1401193954ec4dd438a3eb514b4bee8a922fd8cca7e505475e91f3fda46c396edc57a7a0abced32caddba6e8b84dd96f435bc17da89e
Static task
static1
Behavioral task
behavioral1
Sample
nin brown.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
nin brown.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: chizo@damienzy.xyz
Password: @damienzy.xyz2240
Targets
-
Target
nin brown.exe
-
Size
691KB
-
MD5
3aba1035bc6faea403e8e8d399a75806
-
SHA1
6367d43561d194bd59b559d0f2b715cf688e6bdc
-
SHA256
c86e4587d8ac247c2fc4cabe89298dba2537468f4eb745d9bdd48b9ae7c29e19
-
SHA512
28f8d269aef4f85edd464ad58e86f42af3cb0935c48f2fecf73b9b750463ff4048ade25fba83fd50739a40ce278404828a6fb2c9d1176d0b68d47c8fe58bbd38
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext