General
- Target: Yph3Jd-c8cR53MAD2SshRmUBHTiTfF3gCsEflj1NVd0.bin
- Size: 644KB
- Sample: 221129-nze4qafc89
- MD5: 176bc03ca22db45cc806f17b1fab1119
- SHA1: 41926bfbdd49004c23e82b07c6a99bf0389f085b
- SHA256: 62987725dfdcf1c479dcc003d92b214665011d38937c5de00ac11f963d4d55dd
- SHA512: 2674a47b24c75023f758587f67046fc8f3b5c67a5727ce6ae24163579ea19084a110a79fb137ea556cc7dff96522f6ac921cd7d7468d17a3c20ddb47e5a1cabf
- SSDEEP: 12288:duc8pbKbfb4NWtEuF35ojcLW6f7YbCSeyRxKY1+:dFabKogtEw3yjcS6DYbdRxKY
Static task
- static1

Behavioral task
- behavioral1
- Sample: Yph3Jd-c8cR53MAD2SshRmUBHTiTfF3gCsEflj1NVd0.exe
- Resource: win7-20220901-en

Behavioral task
- behavioral2
- Sample: Yph3Jd-c8cR53MAD2SshRmUBHTiTfF3gCsEflj1NVd0.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.mail.com
- Port: 587
- Username: sebastienj_newdirections.au@mail.com
- Password: millions2022
Targets
- Yph3Jd-c8cR53MAD2SshRmUBHTiTfF3gCsEflj1NVd0.bin (644KB; same hashes as listed under General)
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- Suspicious use of SetThreadContext