General
- Target: Overdue for July & August Statement.exe
- Size: 756KB
- Sample: 220725-janx4sbbhj
- MD5: 519f978ffc3f713491f62c05f2496ea8
- SHA1: eeb24e554c7f73597731d7967b3e351e2f57bae7
- SHA256: f364017f935cd2a302b9559a6036afcf91bb74203fab0b8e56a47771eda96e3b
- SHA512: ba95a995e4930f6d575087b417580dbad50c13b77cdad87f2efbaa9655217b7de92b4826f124c355640933fd20dd91f8942e79b2afcc2ddf8a1cedae9f599562
Static task: static1
Behavioral task: behavioral1
- Sample: Overdue for July & August Statement.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: Overdue for July & August Statement.exe
- Resource: win10v2004-20220722-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.fardarlogistics.com
- Port: 587
- Username: hr@fardarlogistics.com
- Password: fardar123
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.fardarlogistics.com
- Port: 587
- Username: hr@fardarlogistics.com
- Password: fardar123
- Email To: jinhux31@gmail.com
Targets
- Target: Overdue for July & August Statement.exe
- Size: 756KB
- MD5: 519f978ffc3f713491f62c05f2496ea8
- SHA1: eeb24e554c7f73597731d7967b3e351e2f57bae7
- SHA256: f364017f935cd2a302b9559a6036afcf91bb74203fab0b8e56a47771eda96e3b
- SHA512: ba95a995e4930f6d575087b417580dbad50c13b77cdad87f2efbaa9655217b7de92b4826f124c355640933fd20dd91f8942e79b2afcc2ddf8a1cedae9f599562
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE AgentTesla Exfil Via SMTP
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext