General
- Target: blessingzx.exe
- Size: 704KB
- Sample: 220522-fzxprsfee9
- MD5: 2bbd2bf04a6bf7ec2715d128c6a6dcae
- SHA1: 6f8fede1ba71eed100a45008e7f39cdee20c61fa
- SHA256: 55c82f009062044f6d89e82b9b4a6c889b3b3379114ebc38e14d4c5904b99779
- SHA512: 5a4c63f5d3e1e7b6bbc2246cd51318f784c4a652aa36855003c1d0f9932074f3068cc1f4315c72fec64e709d6791cdc6509480b63ed6ca7d0ec29b5e803584ef
Static task: static1
Behavioral task: behavioral1
- Sample: blessingzx.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: blessingzx.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted (family: agenttesla)
- Protocol: smtp
- Host: smtp.utt-ae.com
- Port: 587
- Username: adonato@utt-ae.com
- Password: #yX#rGyo7
Targets
- Target: blessingzx.exe
- Size: 704KB
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE AgentTesla Exfil Via SMTP
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext