General
- Target: SecuriteInfo.com.Win32.PWSX-gen.31379.2381.exe
- Size: 1.1MB
- Sample: 221205-lnr8ssga24
- MD5: f091794762cc7fcc1f36cee4a7ba2185
- SHA1: 2e2f198829f6d7b37c9d1f9d9453370e585cde66
- SHA256: 1ea243ac200cf8ab633492546102d4e33b72f46b0825cfb16d3ecfe0b469ddc9
- SHA512: fa1bd1f3dd83fd74c2d3d2136adb4aef67aabb918e638962a9196d647fde3499eda0ee6402bf3feb4e30afbecdd251e7e76c01c8ff187054b687082ad389613b
- SSDEEP: 24576:CY7mqlKJrzNoMAEzyI9MdvmWByO5WNQ4uH37kUw+mWb:d7ml5oCzy/deO35CgXw3JWb
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.PWSX-gen.31379.2381.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Win32.PWSX-gen.31379.2381.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: bG^VamX7@@
Targets
- Target: SecuriteInfo.com.Win32.PWSX-gen.31379.2381.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext