General
- Target: 6e322743767f7c324c0109d09d0f16097d447a3f82b9d1e75add1974cb433ade
- Size: 816KB
- Sample: 221206-hfzq5ace97
- MD5: 08fc3f5fff69b2353d7c1b0b6a18f817
- SHA1: d976b69152f71b3a738499a7fa57952d2ee16691
- SHA256: 6e322743767f7c324c0109d09d0f16097d447a3f82b9d1e75add1974cb433ade
- SHA512: cae1ed85c8ae6f17551a744a42a346a76d28b7ec68a2f57840702ee4ea776f9f273295cc7a70cc7ad8853492ea4ec3c8b1c64fc6f58960c19fe5e4e2f205c491
- SSDEEP: 12288:Dp0ts2E7OYlEHslgDa26nYo9VRGqC1IvloByRkGQBLykmvAIAOFtc0ZQlOPemH1J:Dp0uC0Yo8HagymG8LSvASdZTk1
Static task: static1
Behavioral task: behavioral1
- Sample: 6e322743767f7c324c0109d09d0f16097d447a3f82b9d1e75add1974cb433ade.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 6e322743767f7c324c0109d09d0f16097d447a3f82b9d1e75add1974cb433ade.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.vhs-tr.com
- Port: 587
- Username: [email protected]
- Password: $uugRUt3
Targets
- Target: 6e322743767f7c324c0109d09d0f16097d447a3f82b9d1e75add1974cb433ade
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext