General
-
Target
93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a
-
Size
776KB
-
Sample
221130-tw9f2sac2t
-
MD5
5f5007d479284c637ee7af9ecf085ff9
-
SHA1
b1d249b76d71b5486453ee088a30ab66398e1f74
-
SHA256
93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a
-
SHA512
899106d3a206d55ae94b2775c38c59a29db47a55e42da1bd9eae28afe3099193812a863e62d1f2a6f3afcfef7137f4c2ca0955c95f271197aae1bd502845b051
-
SSDEEP
6144:qD2v7gkRvi3Kg4B1Rj7XvlczaB2DH2wMZgIaBI72xxaT+DSmKaWMueU+JqV3pDT/:werNJSsZgVm2WCD1KtMuL+J8VSpto
Static task
static1
Behavioral task
behavioral1
Sample
93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
box@alscotop.com - Password:
godisgreat
Targets
-
-
Target
93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a
-
Size
776KB
-
MD5
5f5007d479284c637ee7af9ecf085ff9
-
SHA1
b1d249b76d71b5486453ee088a30ab66398e1f74
-
SHA256
93caf26ccb41093ce2efaac4631c354b9a69e5da6bc71e3fa1bd84a531603b8a
-
SHA512
899106d3a206d55ae94b2775c38c59a29db47a55e42da1bd9eae28afe3099193812a863e62d1f2a6f3afcfef7137f4c2ca0955c95f271197aae1bd502845b051
-
SSDEEP
6144:qD2v7gkRvi3Kg4B1Rj7XvlczaB2DH2wMZgIaBI72xxaT+DSmKaWMueU+JqV3pDT/:werNJSsZgVm2WCD1KtMuL+J8VSpto
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-