General
- Target: men.exe
- Size: 894KB
- Sample: 220522-gaf66agbc3
- MD5: 45edc34840d4064a30068fbce08d3216
- SHA1: 3c285e23a2857853dfd5e71e04819f858c51f2d2
- SHA256: fca9c0410b06e1f10b9f1cab03993f58d9f422a4fdf77688a60d87a175738726
- SHA512: fb455f8c02d477c596abe666dcf4b5db139c462107643d305dce225a4f410e8089d87688d32d8c5a6f18aca1b5c830c5e36230be57360b2f34e7f43c1e25a3fa
Static task
- static1

Behavioral task
- behavioral1
- Sample: men.exe
- Resource: win7-20220414-en

Behavioral task
- behavioral2
- Sample: men.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: ftp
- Host: ftp://ftp.amalgama-com.gq/
- Port: 21
- Username: yes@amalgama-com.gq
- Password: s,Xz}jSn6~i.
Targets
- Target: men.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext