General
-
Target
nhhhhnn.exe
-
Size
611KB
-
Sample
221208-lcl8eahe52
-
MD5
75e55b619b34973c98df9425fcda82a7
-
SHA1
c56718c5d03aa9d7bd3ce9f46afbf7efb4c421db
-
SHA256
d584f5c481acd2b638b4196021c6326b590c2b64aa0a8b3953e69ad232d651fe
-
SHA512
fac6cc1acb9d7a0b783cb0be2e6855e0bffdc62cec9e9e0756e5e51ff7b77f6a6bb66dca42c63d6ae055f893c54c514d28f50d23a40a631a185060a36c50acb6
-
SSDEEP
12288:vc7FkSAEj5yn7i2IY9UG5JGsRw5kfCqqcrhIREsXx8mFmH:v91Ejyi1Y9/5JGsC5k6LIpsB8lH
Static task
static1
Behavioral task
behavioral1
Sample
nhhhhnn.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
nhhhhnn.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
nhhhhnn.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-