General
Target: fwdPacking List (8.76 KB).msg
Size: 25KB
Sample: 221002-y6h43aagej
MD5: 22cac913784ba7331e7aa96ce23fc7ed
SHA1: 470cb89eaf735348d3ddc0ec1dd25d51a390e653
SHA256: c3dabf7c8397559c952aa488cf7f6ad57ba614e0e17923ac061a5cadcc94c6ef
SHA512: f4055bbd44abda4a9eb20a95ee372e981f8963bf78e7d5ba04542fc6e6629a95f6d9cdd6315cd9b27c508ff3c94c762d5faa4f687b150b888d9a189210755ca0
SSDEEP: 384:4sSDaf9+XzLT4qgFxJb3ujB5GbEpw144fLnxdjU1o78/8sA:4sSDaf9+XvT4qgFfb+rGyw14k/8o7O

Static task: static1

Behavioral task: behavioral1
Sample: fwdPacking List (8.76 KB).msg
Resource: win10v2004-20220812-en

Behavioral task: behavioral2
Sample: Packing List.chm
Resource: win10v2004-20220812-en

Malware Config
Extracted: https://mgcpakistan.com/yimu.txt
Extracted:
  Protocol: ftp
  Host: ftp.onogost.com
  Port: 21
  Username: infoo@onogost.com
  Password: boygirl123456
Targets

Target: fwdPacking List (8.76 KB).msg
Size: 25KB
Score: 3/10

Target: Packing List.chm
Size: 13KB
MD5: 08cac56b75979c1f3bfc2e83e123a2fc
SHA1: 56227c920783d547a673e0de919f438dba846c01
SHA256: 11731e8a97c3ced6e50ffa011b04bc6b54cc5e4ee1ccf2c4fc70247b7ae4528b
SHA512: 3be2746d1a0179642db2e7a85ba5cb4815e95582e56efb3e981755ecc50fc6590d425993bfb8f3685d3d79871ec88c597c545850929595c04abb60690169ac4b
SSDEEP: 192:tyBAu4E8Y/p6efAPaiQ4nggjClAgLZkByk0GAN:tyauqYR8s4ggjCb5k0
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext