General
-
Target
4eb560d18566bcbe7217f18575bde139dbcf47728b004e76e517b730ada00801
-
Size
968KB
-
Sample
221206-hfyh3ace92
-
MD5
8bbded5e247ca7b9d7c9ba89b5d435d9
-
SHA1
175d130f5379c03f3dc200468a99fe5cd85f8b83
-
SHA256
4eb560d18566bcbe7217f18575bde139dbcf47728b004e76e517b730ada00801
-
SHA512
60d018293d400b1f1c32d5e3e15febf6161c183dec53e8655d9b364802811facea7df68f666f8526fc4c3edf28c32eaba3784f68ec6d303b3879bb6ccf9c71f6
-
SSDEEP
12288:afsSjW+dJbnYWzRHEGydDMHQdUbLz0Yx1sAx9VAv5DYkA1AdClfXRgaSOvj+Zxf+:YCYEAPqlcAdC/g9OExfXDiMfsBI
Static task
static1
Behavioral task
behavioral1
Sample
4eb560d18566bcbe7217f18575bde139dbcf47728b004e76e517b730ada00801.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4eb560d18566bcbe7217f18575bde139dbcf47728b004e76e517b730ada00801.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.radixnovem.com
- Port: 587
- Username: [email protected]
- Password: Radixx@@$2021999
Targets
-
Target
4eb560d18566bcbe7217f18575bde139dbcf47728b004e76e517b730ada00801
-
Size
968KB
-
MD5
8bbded5e247ca7b9d7c9ba89b5d435d9
-
SHA1
175d130f5379c03f3dc200468a99fe5cd85f8b83
-
SHA256
4eb560d18566bcbe7217f18575bde139dbcf47728b004e76e517b730ada00801
-
SHA512
60d018293d400b1f1c32d5e3e15febf6161c183dec53e8655d9b364802811facea7df68f666f8526fc4c3edf28c32eaba3784f68ec6d303b3879bb6ccf9c71f6
-
SSDEEP
12288:afsSjW+dJbnYWzRHEGydDMHQdUbLz0Yx1sAx9VAv5DYkA1AdClfXRgaSOvj+Zxf+:YCYEAPqlcAdC/g9OExfXDiMfsBI
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic (.NET); the configuration extracted above shows this build reporting back over SMTP.
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
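The extracted SMTP configuration and the signatures above translate directly into host-based detections. What follows is an added example, not part of the sandbox report and not code from Agent Tesla: it matches Sysmon-style JSON events against the indicators the report provides, namely the file hashes, the exfiltration host and port from the extracted config, and a value written under the Run key. The five log lines are constructed for illustration (the paths, SID and benign destination host are made up), and the rule names are my own.

```python
"""Match Sysmon-style JSON events against the indicators in this report."""
import json
import re
from typing import Dict, List, Tuple

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "8bbded5e247ca7b9d7c9ba89b5d435d9",
    "sha1": "175d130f5379c03f3dc200468a99fe5cd85f8b83",
    "sha256": "4eb560d18566bcbe7217f18575bde139dbcf47728b004e76e517b730ada00801",
}
EXFIL_HOST = "mail.radixnovem.com"   # from the extracted config
EXFIL_PORT = 587                     # from the extracted config

# Any value set under the per-user or machine Run key (signature: "Adds Run key").
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE
)

# Constructed sample log (not from the report), shaped like a Sysmon JSON export:
# EventID 1 = ProcessCreate, 3 = NetworkConnect, 13 = RegistryEvent (value set).
SAMPLE_LOG = [
    r'{"EventID": 1, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe", "Hashes": "SHA1=175D130F5379C03F3DC200468A99FE5CD85F8B83,MD5=8BBDED5E247CA7B9D7C9BA89B5D435D9,SHA256=4EB560D18566BCBE7217F18575BDE139DBCF47728B004E76E517B730ADA00801"}',
    r'{"EventID": 13, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe", "TargetObject": "HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\invoice", "Details": "C:\\Users\\victim\\AppData\\Roaming\\invoice.exe"}',
    r'{"EventID": 3, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe", "DestinationHostname": "mail.radixnovem.com", "DestinationPort": "587"}',
    r'{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe", "DestinationHostname": "smtp.example.org", "DestinationPort": "587"}',
    r'{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}',
]


def parse_hashes(field: str) -> Dict[str, str]:
    """Sysmon writes hashes as 'SHA1=...,MD5=...,SHA256=...' in upper-case hex;
    return them keyed by lower-case algorithm name with lower-case values."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(ev: dict) -> List[Tuple[str, str]]:
    """Return (rule_name, reason) pairs for one parsed event."""
    hits: List[Tuple[str, str]] = []
    eid = ev.get("EventID")
    image = ev.get("Image", "?")
    if eid == 1:
        hashes = parse_hashes(ev.get("Hashes", ""))
        for algo, known in SAMPLE_HASHES.items():
            if hashes.get(algo) == known:
                hits.append(("known_sample_hash", f"{algo} of {image} matches report"))
                break
    elif eid == 3:
        host = (ev.get("DestinationHostname") or "").lower()
        port = int(ev.get("DestinationPort", 0))
        if host == EXFIL_HOST and port == EXFIL_PORT:
            hits.append(("agenttesla_smtp_exfil", f"{image} -> {host}:{port}"))
    elif eid == 13:
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(("run_key_persistence", f"{image} set {target} = {ev.get('Details')}"))
    return hits


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Parse JSON lines and collect every rule hit, in log order."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        findings.extend(match_event(json.loads(line)))
    return findings


if __name__ == "__main__":
    for rule, reason in scan(SAMPLE_LOG):
        print(f"{rule}: {reason}")
```

Two of the report's signatures deliberately have no rule here. Sysmon does not record registry reads, so "Accesses Microsoft Outlook profiles" cannot be seen this way, and "Suspicious use of SetThreadContext" is an API-level observation from the sandbox that no standard host log captures; both need an EDR or an API monitor. The network rule keys on the destination host and port rather than on the mailbox credentials, since the credentials are only visible after decrypting the sample's configuration.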