General
Target: SecuriteInfo.com.Win32.TrojanX-gen.22520.22219.exe
Size: 840KB
Sample: 221206-lkyamsed24
MD5: 5f1400ca0b3144ef77b9634a989476e5
SHA1: 9346b16d6e78d2904bc14875a1ab1948c988cee6
SHA256: 349ae885327a3970c99cb8d98cd3413b835dd8cee52de5ee6c7bc60cfc670f90
SHA512: bd400522d96f04c41121c05aa2c998b68a50ea56797ebef22a86cc708b6c811df86361c20fddfc5879d3cca6e1c453cd74ba5b7e8b02bae3fb5bc71092bd35a5
SSDEEP: 12288:VEVq7bKlSwx7IkN3NnL9ECycoyCldFkDNFB9PMA5C7g486vTgOe6uvI:7SQw+m9nBECycpCXFINFjPho98q
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.TrojanX-gen.22520.22219.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.TrojanX-gen.22520.22219.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.dubai-lights.com
Port: 587
Username: [email protected]
Password: DL2@DL$lighting1&2&3
Email To: [email protected]
Targets
Target: SecuriteInfo.com.Win32.TrojanX-gen.22520.22219.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext