General
Target: SecuriteInfo.com.Win32.CrypterX-gen.11851.17452
Size: 920KB
Sample: 221129-p34f6aag76
MD5: d6f0e59d1bb1d559029da21e132a1c9b
SHA1: 7b760ca553c6d95126146825b1f5b846d5a69378
SHA256: 0afcaf64f298203c19ee5001aeb67a4a785a2a3a56fac3ead54c86811583d873
SHA512: 21615f5cce87c73e219f8357ad7b989f1c9b769ff1440a3e6804da6a9d020e864f39e22d32361edd996d8d11f9945a60eab2fe0b32f55a9aa5d0901fcb4db4fb
SSDEEP: 24576:FyDdEPf3ZQWjM2Xgx9cyEthRYxdIipRgIdbl:FTPfZpHw0hRO+i3zdbl
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.CrypterX-gen.11851.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.CrypterX-gen.11851.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.akademetre.com
Port: 587
Username: suletas@akademetre.com
Password: st6473
Targets
Target: SecuriteInfo.com.Win32.CrypterX-gen.11851.17452
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext