General
Target: SecuriteInfo.com.Win32.TrojanX-gen.28957.4201.exe
Size: 845KB
Sample: 221206-lkyamsed25
MD5: 38a401260efb9031eb5d52a849eb005a
SHA1: 528a4a25bafbc76d05e946b3769d322d82967668
SHA256: 6f6ccd70e277efd92f43533ce35f403dad62d3dac77c9d502d756894552043f7
SHA512: 9e5d304576d23f2c8c0d88312ffa864890b16480b9c08510114f2d9e9c1afa8998f07489ab661cd32a7b4cbde0342452c3a46da6af7171308c355f8dc9aae336
SSDEEP: 12288:jEVq7GzISBk7Yj4klPT/ByL65yNeqlo2JKlSwx7IkNF:BqzIUkWnlb5yLMyIqC20Qw+mF
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.TrojanX-gen.28957.4201.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.TrojanX-gen.28957.4201.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.graphic-associates.com
Port: 587
Username: [email protected] (mailbox address is redacted in the extracted report)
Password: M@y@G2022
Email To: [email protected] (recipient address is redacted in the extracted report)
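As an added example (not part of the sandbox report and not Agent Tesla code), the following Python parses the extracted config block exactly as the report prints it, turns the SMTP exfiltration settings into network indicators, and runs a simple matcher over constructed firewall/DNS log lines. The log lines, the ws-* asset names and the destination IPs are invented for illustration; the redacted "[email protected]" strings are kept literally because the real addresses are not on the page.

```python
# Added example: parse the flattened AgentTesla SMTP config from a sandbox
# report and hunt for its exfiltration channel in log data.
import re

# The config block as the report prints it (flattened by extraction; the
# mailbox addresses appear redacted as "[email protected]").
REPORT_CONFIG = """Protocol: smtp- Host:
mail.graphic-associates.com - Port:
587 - Username:
[email protected] - Password:
M@y@G2022 - Email To:
[email protected]"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")


def parse_config(text):
    """Split the 'Key: value - Key: value' block into a dict.

    Each value runs from its key up to the next ' - Key:' marker (or the end
    of the text), so hyphens inside values such as the host name survive.
    """
    flat = " ".join(text.split())  # collapse line breaks and space runs
    keys = "|".join(re.escape(k) for k in FIELDS)
    pattern = re.compile(rf"({keys}):\s*(.*?)\s*(?=-\s*(?:{keys}):|$)")
    cfg = {key: value.strip() for key, value in pattern.findall(flat)}
    cfg["Port"] = int(cfg["Port"])
    return cfg


def iocs(cfg):
    """Network indicators worth hunting: the exfil mail host and port.

    The credentials are useful for takedown/abuse reports, not for detection.
    """
    return {"host": cfg["Host"].lower(), "port": cfg["Port"]}


# Constructed log lines (not from the report): a firewall/proxy export with
# TLS SNI where available, plus DNS query events. IPs are documentation
# ranges; asset names are made up.
SAMPLE_LOGS = [
    "2022-12-06T11:02:13Z ws-017 src=10.1.4.22 dst=203.0.113.10 dport=587 proto=tcp sni=mail.graphic-associates.com",
    "2022-12-06T11:02:14Z ws-017 dns query=mail.graphic-associates.com type=A",
    "2022-12-06T11:03:01Z ws-020 src=10.1.4.30 dst=198.51.100.5 dport=443 proto=tcp sni=www.example.com",
    "2022-12-06T11:04:10Z ws-022 src=10.1.4.33 dst=198.51.100.25 dport=587 proto=tcp sni=smtp.example.net",
    "2022-12-06T11:05:44Z ws-031 src=10.1.4.41 dst=203.0.113.10 dport=587 proto=tcp sni=MAIL.GRAPHIC-ASSOCIATES.COM",
]


def find_hits(log_lines, ind):
    """Return (asset, reason) for every line that touches the exfil host.

    Port 587 alone is legitimate mail submission, so a hit requires the host
    name (case-insensitive); the port only distinguishes an actual SMTP
    session from a bare DNS lookup.
    """
    hits = []
    for line in log_lines:
        if ind["host"] not in line.lower():
            continue
        asset = line.split()[1]
        reason = "smtp-exfil" if f"dport={ind['port']}" in line else "dns-lookup"
        hits.append((asset, reason))
    return hits


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    for asset, reason in find_hits(SAMPLE_LOGS, iocs(cfg)):
        print(f"{asset}: {reason} via {cfg['Host']}:{cfg['Port']}")
```

Because the channel is port 587 submission (normally STARTTLS), message contents are not inspectable on the wire; the host name in DNS or SNI, and the fact that a workstation rather than a mail relay is opening the session, are the practical signals. The line to smtp.example.net on 587 is deliberately not flagged.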
Targets
Target: SecuriteInfo.com.Win32.TrojanX-gen.28957.4201.exe
Size: 845KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General (single-file sample)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET; this sample reports stolen data over SMTP using the mailbox credentials in the extracted config above.
Accesses Microsoft Outlook profiles (consistent with harvesting mail-client credentials stored under the Outlook profile registry keys)
Suspicious use of SetThreadContext (commonly used for process hollowing: the entry point of a suspended host process's thread is redirected to the injected payload)