General
-
Target
504556bc934dda104702afe7d71be8452e82a7b5273183f0bac61f384d33ccb1.exe
-
Size
1.1MB
-
Sample
221206-pff3cagc77
-
MD5
31c04c59e7015caf78cdf5385fc39bcd
-
SHA1
7a3d90ac62d2344283da7d6a32c98732c6418629
-
SHA256
504556bc934dda104702afe7d71be8452e82a7b5273183f0bac61f384d33ccb1
-
SHA512
1f12c309cfa76b263684bab5280ec2ee30bdcc776e1eb4e4be54fcad30a41b86cf829221bcfe302359146e0a9aedbb3a838c4e99f1b49726b42438404b2b9986
-
SSDEEP
24576:KFGbqdOqwHrWzSF/bijjT+f0XWooDgzLha5kTf:HbqdOpLKO4jQnkzLhT
Static task
static1
Behavioral task
behavioral1
Sample
504556bc934dda104702afe7d71be8452e82a7b5273183f0bac61f384d33ccb1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
504556bc934dda104702afe7d71be8452e82a7b5273183f0bac61f384d33ccb1.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.apexfinanceuk.com
Port: 587
Username: [email protected]
Password: Franciano231
Targets
-
Target
504556bc934dda104702afe7d71be8452e82a7b5273183f0bac61f384d33ccb1.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-