General
-
Target
SecuriteInfo.com.Trojan.Olock.1.25787.19478
-
Size
628KB
-
Sample
220725-d4a1fsdbcq
-
MD5
648001a85b52b76357700adc26c026a5
-
SHA1
ea6c087ad34687241fd61292636d8deb95ce8e0f
-
SHA256
64078097de1ac1a9837f2315e1e5cb638a2cc12c538bb56e515376375613d15c
-
SHA512
eda310d7dc80abae8943d3209d82e675789980900c38e5d6ad813a4df4c7ec2014ed5f781a77e176b9961b57d66edee3e1c67ee80ab25f0ff6b8683952691be1
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Olock.1.25787.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.Olock.1.25787.exe
Resource
win10v2004-20220722-en
Malware Config
Extracted
Protocol: smtp
Host: mail.albatrosplus.rs
Port: 587
Username: radmila.milinkovic@albatrosplus.rs
Password: rasarada11
Extracted
agenttesla
Protocol: smtp
Host: mail.albatrosplus.rs
Port: 587
Username: radmila.milinkovic@albatrosplus.rs
Password: rasarada11
Email To: auto.glass.metal@dr.com
Targets
-
-
Target
SecuriteInfo.com.Trojan.Olock.1.25787.19478
-
Size
628KB
-
MD5
648001a85b52b76357700adc26c026a5
-
SHA1
ea6c087ad34687241fd61292636d8deb95ce8e0f
-
SHA256
64078097de1ac1a9837f2315e1e5cb638a2cc12c538bb56e515376375613d15c
-
SHA512
eda310d7dc80abae8943d3209d82e675789980900c38e5d6ad813a4df4c7ec2014ed5f781a77e176b9961b57d66edee3e1c67ee80ab25f0ff6b8683952691be1
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
suricata: ET MALWARE AgentTesla Exfil Via SMTP
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-