General
- Target: 39bfa1d4e402455829324582e0d1042b721a1feb4bebcb387d8f0c0b93752413.exe
- Size: 839KB
- Sample: 221207-qsfg1sfa53
- MD5: 1ad8ac542eef696e65ee26b0c22e62ca
- SHA1: 20bdae5ba9a4706478df326c0caa2c99fe854498
- SHA256: 39bfa1d4e402455829324582e0d1042b721a1feb4bebcb387d8f0c0b93752413
- SHA512: 1db078a90c97634e8b8e6db115b602e102905a455952d96e14f518bbc5b137b67bfe5060bd68ad21700794a70b24e9f46c148c912b28a3e7bbf1c06c16745af3
- SSDEEP: 24576:Vr18+L74mBfNUstzoEr5jamfpF5tTD243r8JN:Vr/xfpt+4I
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 39bfa1d4e402455829324582e0d1042b721a1feb4bebcb387d8f0c0b93752413.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: 39bfa1d4e402455829324582e0d1042b721a1feb4bebcb387d8f0c0b93752413.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: us2.smtp.mailhostbox.com
  - Port: 587
  - Username: cash@scgthai.xyz
  - Password: bG^VamX7@@
Targets
- Target: 39bfa1d4e402455829324582e0d1042b721a1feb4bebcb387d8f0c0b93752413.exe (size and hashes identical to the General section above)
  - AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  - Accesses Microsoft Outlook profiles
  - Suspicious use of SetThreadContext