General
-
Target
UHDJ_3987653673-093876545637893.exe
-
Size
1.1MB
-
Sample
221202-y55axabb44
-
MD5
36775a9ec5a3137929b7e84c25192916
-
SHA1
fcfe250f21f7cdbebe62b00decc25eb38ce283fb
-
SHA256
a6785180a4da92c5c7ba441f18aa3f7214e14289cff670b39abc7f6ebd9fccd4
-
SHA512
5f0e41bb97507a41521bb56361aa6027c99015e66e5e06e15d1026a12ccec533b5eddeaec4dde391a22a01314b15f00bf8122cd91c3d48b161432fa110145953
-
SSDEEP
24576:GkqjH69HMM8iBHvL7OBIIdHUTiwAAgEEY4rLQ:jKwPPOrUTQp
Static task
static1
Behavioral task
behavioral1
Sample
UHDJ_3987653673-093876545637893.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
UHDJ_3987653673-093876545637893.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: mail.safinaco.com
Port: 587
Username: [email protected]
Password: 0973913799
Extracted
agenttesla
Protocol: smtp
Host: mail.safinaco.com
Port: 587
Username: [email protected]
Password: 0973913799
Email To: [email protected]
Targets
-
Target
UHDJ_3987653673-093876545637893.exe
-
Size
1.1MB
-
MD5
36775a9ec5a3137929b7e84c25192916
-
SHA1
fcfe250f21f7cdbebe62b00decc25eb38ce283fb
-
SHA256
a6785180a4da92c5c7ba441f18aa3f7214e14289cff670b39abc7f6ebd9fccd4
-
SHA512
5f0e41bb97507a41521bb56361aa6027c99015e66e5e06e15d1026a12ccec533b5eddeaec4dde391a22a01314b15f00bf8122cd91c3d48b161432fa110145953
-
SSDEEP
24576:GkqjH69HMM8iBHvL7OBIIdHUTiwAAgEEY4rLQ:jKwPPOrUTQp
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext