General
Target: S O A EUR 106902.50.zip
Size: 610KB
Sample: 220930-t9dljafahk
MD5: b9d2e630b122f6d854d678e63e0ea03a
SHA1: 7d94210e325659dfd17fea0425f03a90d85fe778
SHA256: 80e81c6340d42db32204bad83edebd1a2810d469e924761fc4602e62b5721668
SHA512: 5143989825538fd7d54e1d2aa6aceb8c6473866103931a9672d5d91c12d1aa56a1e362bb83998d6ac35668bf463cbf3ac6c5e765a6cdb36a1e6f4337b73dc464
SSDEEP: 12288:P3zV2iNjWyaUpHNfqxuLnFtMTCVF9VEJDEULmE2yLw6omS06:P3B1dW9U2xuLFtXJEJNzOvd
Static task: static1
Behavioral task: behavioral1
Sample: S O A EUR 106902.50.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: S O A EUR 106902.50.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: mail.dinrack.com
Port: 587
Username: [email protected]
Password: Dms12345*
Targets
Target: S O A EUR 106902.50.exe
Size: 1.0MB
MD5: d2f3d419a057ee5d710a920c8c895b55
SHA1: 7abc9867da84b0285aa7ad36e3a21c62f26366b6
SHA256: e4cd44ae818b92b18aedaec38f04f96b01e134ddfe70d3a659b1c8ab68910465
SHA512: f94b52ba9f6e407465c9f53eea23d3f16d6fd1afe57e0a94f53c51193870acdd4393af48c5e432c6e9e614dfb1bc3f4a6ef801f131ec958216de862daf87ab44
SSDEEP: 12288:Rf9Y2iNw0+9MKdADqjJ5nh9KTCDP7VqlDMU5eUdmmXS6uP4XFevDf9NcAFsaxe:RfG1IeAjrh9fJqlUj
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext