General
-
Target
CI & PL________________________________________________________________________________________________________________________________________________.zip
-
Size
8KB
-
Sample
221003-hysqjacfc7
-
MD5
9c57b6ebe1f70ae3e9571b8c196141a9
-
SHA1
c696188fbe35653785cfcdb4787a56fe588563b3
-
SHA256
9a203e434cc06cc2f6020afe8f280b96adaba2ddf68fd94b6a1da34ef5c36fa1
-
SHA512
dbbc7470cce3a951d9e65866c5ec224b8bfc05812579d16d42a1d950a93c0119774769dc0cd90eb49a8f1ea1ccdbda19286679558205f626979e023a2b064eae
-
SSDEEP
192:Ehl31EblrYCE7O3vPrOu5FwtU9eVS2xYYzMHQ5yE62TR:E/CbZgWTOuDwtU9qS2xYMMH0yg
Static task
static1
Behavioral task
behavioral1
Sample
CI & PL_____________________________________________________________________________________________.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
CI & PL_____________________________________________________________________________________________.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: mail.blazonlabs.com
Port: 587
Username: [email protected]
Password: sophie@143
Targets
-
-
Target
CI & PL________________________________________________________________________________________________________________________________________________.exe
-
Size
15KB
-
MD5
a0d32e8dfa1bdbfd9dba714786f5933b
-
SHA1
41408a58d28dbd4beaa5daf866e6b43416a9f986
-
SHA256
9131b2d3b37f8533ba4b9e5b5923d4f5289342ae919960c28367a9f9e6d84564
-
SHA512
60c5d1792be7daadb0308bbcd20aba82ad1f94820a2de7b18d4e6ddbc6e9200e339afbb70726e227c3815750710270e14ebf9a32557b211e797bc4188ddd8127
-
SSDEEP
384:8AGEyN3Gs4sdqmXNOLJuTYb2CNawS9mD:BGsPwNUrD
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-