General
- Target: baa6318542fec07e6a7ee6bbdccbfa99519c4b76fe6d57bf573c6d33d943db9a.exe
- Size: 734KB
- Sample: 221207-rnfgwsfb52
- MD5: b66de3f2760e8eba638193617f873f7a
- SHA1: 875b014ee18bd2e367a2b3b196f9967ab50e704e
- SHA256: baa6318542fec07e6a7ee6bbdccbfa99519c4b76fe6d57bf573c6d33d943db9a
- SHA512: 5bb89eb439361cc2ad6c52f7e2aad89c61463b04cfbd96541ebb23843f8b783ad2830c233d77002ce961fa7c2fb5d8c9b4517128a203b0df4e04400ca8683dc3
- SSDEEP: 12288:WKldyk92iNQjUvLlEKAOdt4tsv3OYiXRa312hWnHUqNuFDD234yNStvwLUkQBe3t:ByQ1VvLdAOQ4lm2LkFD/y6IFEwmA
Static task: static1
Behavioral task: behavioral1
- Sample: baa6318542fec07e6a7ee6bbdccbfa99519c4b76fe6d57bf573c6d33d943db9a.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: baa6318542fec07e6a7ee6bbdccbfa99519c4b76fe6d57bf573c6d33d943db9a.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dmstech.in
- Port: 587
- Username: [email protected]
- Password: 0]6F9Az.pqfd
- Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext