General
- Target: 512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9
- Size: 1.1MB
- Sample: 221208-camxgsbf9z
- MD5: 1390949b5e724b10db6b15b9b564510c
- SHA1: f39222bfc33e3b726c950c923180b2257b58acd4
- SHA256: 512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9
- SHA512: 65aff732ed49107091794d512055e93cc8b1d59a3f09ece5db41e47bc372f9e11234ea02d890906615ecd3cc6c334e2160d602c997b5c377dbb44694082cfc0a
- SSDEEP: 12288:tsuAo+41hw4e/ehLrzXz8nmkAk6zcpB4+B/RjMWp+aC203fjrDq0DeJZB0BeumF:WL4LJzOmFk71Xjozn37rDqr2Qum2d4
Static task: static1

Behavioral task: behavioral1
- Sample: 512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe
- Resource: win7-20221111-en

Behavioral task: behavioral2
- Sample: 512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.bohotels.hu
- Port: 587
- Username: director@bo18hotel.hu
- Password: v4Jdahdirect
- Email To: confirmed77@asia.com
Targets
- Target: 512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9
- Size: 1.1MB
- MD5: 1390949b5e724b10db6b15b9b564510c
- SHA1: f39222bfc33e3b726c950c923180b2257b58acd4
- SHA256: 512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9
- SHA512: 65aff732ed49107091794d512055e93cc8b1d59a3f09ece5db41e47bc372f9e11234ea02d890906615ecd3cc6c334e2160d602c997b5c377dbb44694082cfc0a
- SSDEEP: 12288:tsuAo+41hw4e/ehLrzXz8nmkAk6zcpB4+B/RjMWp+aC203fjrDq0DeJZB0BeumF:WL4LJzOmFk71Xjozn37rDqr2Qum2d4
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext