General

Target: hardroot2.exe
Size: 536KB
Sample: 220522-f5mfzsbbfk
MD5: 4bd987fadc09715256aac483bd096588
SHA1: ba1cfa7efda4becdf54f8f9abd3b1ea774d47b69
SHA256: d2a15bc37d82c300a6f57910ea624261a5d71a73776d974dccc7c2eb6e62f80b
SHA512: 1c77edcb9c2c137e878ce82146d318890e90547ad9b043c10cfafe176865898ce76f3bfcc6ae88f80b6a6f4cc70120bd93a4277e9c4283ce872162e16bffa00c
Static task: static1
Behavioral task: behavioral1 (sample: hardroot2.exe, resource: win7-20220414-en)
Behavioral task: behavioral2 (sample: hardroot2.exe, resource: win10v2004-20220414-en)
Malware Config

Credentials recovered from the sample's embedded configuration. This is the channel the stealer uses to mail out harvested data: it authenticates to the attacker-controlled mailbox below and sends the loot to the "Email To" address.

Extracted
Protocol: smtp
Host: mail.hardroot.biz
Port: 587
Username: home@hardroot.biz
Password: bigboy247

Extracted (agenttesla)
Protocol: smtp
Host: mail.hardroot.biz
Port: 587
Username: home@hardroot.biz
Password: bigboy247
Email To: doc@hardroot.biz
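The extracted SMTP configuration is directly usable as network indicators. The script below is an added example, not part of the sandbox report or of the Agent Tesla sample itself: it turns the config into IOCs, runs them over a few constructed log lines (a DNS query, a TCP flow and a plaintext SMTP session; none of these are from the report), and decodes the base64 AUTH LOGIN exchange so the attacker's mailbox credentials can be confirmed from a capture. The log format and the IP/hostname values in SAMPLE_LOG are assumptions made up for the example.

```python
"""Derive IOCs from the extracted Agent Tesla SMTP config and match them
against constructed DNS / flow / SMTP evidence (added example)."""
import base64
import re
from dataclasses import dataclass

# Values copied from the extracted configuration on this page.
EXTRACTED_CONFIG = {
    "protocol": "smtp",
    "host": "mail.hardroot.biz",
    "port": 587,
    "username": "home@hardroot.biz",
    "password": "bigboy247",
    "email_to": "doc@hardroot.biz",
}

# Constructed sample evidence (not from the sandbox report). The log format,
# client hostname and server IP are assumptions made up for this example.
SAMPLE_LOG = """\
dns query=mail.hardroot.biz type=A
flow src=10.0.0.5:49812 dst=198.51.100.7:587 proto=tcp
smtp > EHLO DESKTOP-4F2K1
smtp > AUTH LOGIN
smtp < 334 VXNlcm5hbWU6
smtp > aG9tZUBoYXJkcm9vdC5iaXo=
smtp < 334 UGFzc3dvcmQ6
smtp > YmlnYm95MjQ3
smtp < 235 2.7.0 Authentication successful
smtp > MAIL FROM:<home@hardroot.biz>
smtp > RCPT TO:<doc@hardroot.biz>
dns query=example.org type=A
"""


@dataclass
class Finding:
    indicator: str  # which IOC matched
    line: str       # the evidence line that matched


def indicators(config: dict) -> dict:
    """Matchable indicators derived from the extracted config."""
    return {
        "c2_host": config["host"],
        "c2_port": str(config["port"]),
        "smtp_user": config["username"],
        "smtp_password": config["password"],
        "exfil_recipient": config["email_to"],
    }


def decode_auth_login(lines):
    """Recover username/password from a plaintext SMTP AUTH LOGIN exchange.

    The server's 334 prompts carry base64 'Username:' / 'Password:'; the
    client's replies are the base64-encoded credentials. Only works when the
    session is not wrapped in STARTTLS (or has been TLS-inspected)."""
    creds, expect = {}, None
    for line in lines:
        m = re.match(r"smtp ([<>]) (.*)", line)
        if not m:
            continue
        direction, payload = m.groups()
        if direction == "<" and payload.startswith("334 "):
            try:
                expect = base64.b64decode(payload[4:]).decode().rstrip(":").lower()
            except ValueError:
                expect = None
        elif direction == ">" and expect in ("username", "password"):
            try:
                creds[expect] = base64.b64decode(payload, validate=True).decode()
            except ValueError:  # binascii.Error and UnicodeDecodeError both subclass it
                pass
            expect = None
    return creds


def scan(log_text: str, config: dict = EXTRACTED_CONFIG):
    """Return (findings, decoded_creds) for a block of log text."""
    lines = log_text.splitlines()
    iocs = indicators(config)
    findings = []
    for line in lines:
        if iocs["c2_host"] in line:
            findings.append(Finding("c2_host", line))
        # Port 587 alone is only a weak signal (any mail submission uses it).
        if re.search(r"dst=\S+:" + re.escape(iocs["c2_port"]) + r"\b", line):
            findings.append(Finding("c2_port", line))
        if iocs["smtp_user"] in line:
            findings.append(Finding("smtp_user", line))
        if iocs["exfil_recipient"] in line:
            findings.append(Finding("exfil_recipient", line))
    creds = decode_auth_login(lines)
    if (creds.get("username") == iocs["smtp_user"]
            and creds.get("password") == iocs["smtp_password"]):
        findings.append(Finding("smtp_credentials", "AUTH LOGIN as " + creds["username"]))
    return findings, creds


if __name__ == "__main__":
    hits, decoded = scan(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.indicator}] {f.line}")
    print("decoded credentials:", decoded)
```

In practice the hostname, the recipient address and the sender address are the reliable indicators; .NET SmtpClient with EnableSsl negotiates STARTTLS on 587, so in most captures the AUTH LOGIN decode will have nothing to work on and only the DNS lookup and the connection to mail.hardroot.biz:587 remain visible. Treat a bare 587 flow as corroboration, not as a detection on its own.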
Targets

Target: hardroot2.exe
Size: 536KB
MD5: 4bd987fadc09715256aac483bd096588
SHA1: ba1cfa7efda4becdf54f8f9abd3b1ea774d47b69
SHA256: d2a15bc37d82c300a6f57910ea624261a5d71a73776d974dccc7c2eb6e62f80b
SHA512: 1c77edcb9c2c137e878ce82146d318890e90547ad9b043c10cfafe176865898ce76f3bfcc6ae88f80b6a6f4cc70120bd93a4277e9c4283ce872162e16bffa00c
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written for the .NET Framework (Visual Basic .NET builds are common). It harvests browser, mail-client and FTP credentials plus keystrokes and clipboard data, and exfiltrates them over SMTP, FTP or HTTP; this sample uses the SMTP channel listed under Malware Config.

Accesses Microsoft Outlook profiles
The sample reads Outlook profile data from the registry (for example HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles), where stored mail account settings and credentials live. This is consistent with the stealer's credential harvesting rather than with legitimate mail client behaviour from an unsigned 536KB executable.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another (typically suspended) process is the hallmark of process hollowing / RunPE-style injection: the loader writes the payload into the target process and repoints the thread's instruction pointer at it, so the unpacked Agent Tesla payload runs under a different process image than the one on disk.