General
- Target: 5d3a7e5e8a47e02d61ac9d00cf971084b71302d7a4336646ec89cfcfd123e7ad
- Size: 104KB
- Sample: 220724-svh22ahaen
- MD5: 41b8ebea130af2dce87ef474e0da2fc2
- SHA1: bc365851c8eac8d54217c3460c3d29f1044f8ac2
- SHA256: 5d3a7e5e8a47e02d61ac9d00cf971084b71302d7a4336646ec89cfcfd123e7ad
- SHA512: eeb11bba8f876fd5a825d4a8dfe18bb9a8a1c5050c152c69f7ee1383dfd612e268873a02546f7e5f9b60f4c7a3369e575fc995a02447f96f6305a3340d27205a
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 5d3a7e5e8a47e02d61ac9d00cf971084b71302d7a4336646ec89cfcfd123e7ad.exe
  - Resource: win7-20220718-en
Behavioral task
- behavioral2
  - Sample: 5d3a7e5e8a47e02d61ac9d00cf971084b71302d7a4336646ec89cfcfd123e7ad.exe
  - Resource: win10v2004-20220721-en
Malware Config
Extracted: guloader
- https://hleborezka.net.ua/binn/ba_encrypted_88115CF.bin
Extracted: agenttesla
- Protocol: smtp
- Host: mail.menawealthventures.com
- Port: 587
- Username: grant.onedo@menawealthventures.com
- Password: $Urhobomena1965
Targets
- Target: 5d3a7e5e8a47e02d61ac9d00cf971084b71302d7a4336646ec89cfcfd123e7ad
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Guloader payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext