General
Target: 7c42e4f5b86dd424e035433029d8e096162e20ba2a3997baa89123c63fbe2714
Size: 1.1MB
Sample: 221208-caldnabf9y
MD5: f2e41db512101c467bcf578005c142ba
SHA1: 55c4d0bbec4906eba459332a19b5bb0a4aad0f84
SHA256: 7c42e4f5b86dd424e035433029d8e096162e20ba2a3997baa89123c63fbe2714
SHA512: 1230562c0437138a606570d77df5a45072bdde753d530ad6b5ef4f09556dcc7abeba278af1d40be5c724f4e99011b757f3050e13848d506d5a82e3408bb55a68
SSDEEP: 24576:8L4LJLZtfgl3R8y2ulMvv0Cg3+OCoOpP4:9LJttfgl3RGulug0ooQ
Static task: static1
Behavioral task: behavioral1
Sample: 7c42e4f5b86dd424e035433029d8e096162e20ba2a3997baa89123c63fbe2714.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 7c42e4f5b86dd424e035433029d8e096162e20ba2a3997baa89123c63fbe2714.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: mail.rimiapparelsltd.com
Port: 587
Username: postmaster@rimiapparelsltd.com
Password: Ijeomam28@
Extracted (agenttesla)
Protocol: smtp
Host: mail.rimiapparelsltd.com
Port: 587
Username: postmaster@rimiapparelsltd.com
Password: Ijeomam28@
Email To: webmaster@rimiapparelsltd.com
Targets
Target: 7c42e4f5b86dd424e035433029d8e096162e20ba2a3997baa89123c63fbe2714
Size: 1.1MB
MD5: f2e41db512101c467bcf578005c142ba
SHA1: 55c4d0bbec4906eba459332a19b5bb0a4aad0f84
SHA256: 7c42e4f5b86dd424e035433029d8e096162e20ba2a3997baa89123c63fbe2714
SHA512: 1230562c0437138a606570d77df5a45072bdde753d530ad6b5ef4f09556dcc7abeba278af1d40be5c724f4e99011b757f3050e13848d506d5a82e3408bb55a68
SSDEEP: 24576:8L4LJLZtfgl3R8y2ulMvv0Cg3+OCoOpP4:9LJttfgl3RGulug0ooQ
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext