General
Target: MoJmC.exe
Size: 3.0MB
Sample: 240914-d869fsvenl
MD5: 1013374ebb99df88b338ff474886c7aa
SHA1: 01a6e8906c56a2b4bd7819d36e27c1f6bcc02438
SHA256: 359323ed51405ce11b33376541453b3d6b55557fe9270ba015772224b59c6af9
SHA512: 7926151f552cd73aa4ac8122afd25be53b4f17d97a489df941fc6b140d7a0ec22bcb450d9912a26781ff3005695ac03dac500ef735495798caa379416504669a
SSDEEP: 49152:xbHAYmW2bWh9TGcmxVIXzEoE8KOg1mMbRnyIqe:x8GTe
Static task: static1
Behavioral task: behavioral1
Sample: MoJmC.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: MoJmC.exe
Resource: win10v2004-20240910-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5623048028:AAG99YvLznC7p93amrVLQ5RB-YTz23XsDLs/
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copy of the web browser credential store.

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext