General
- Target: 8133f460c036e3e0b7c3872c66379af8d15edc13c15b172bc43eb933fb363080.exe
- Size: 862KB
- Sample: 221208-p33vmada5w
- MD5: b8224201e93b9374a9329bde0756ddf7
- SHA1: 1e06bd9bb28392265c2e6d72637e353747f2b9f2
- SHA256: 8133f460c036e3e0b7c3872c66379af8d15edc13c15b172bc43eb933fb363080
- SHA512: dcd6471191996bb9b77b83e89a62f6f113daf4c11f52e12b55edb4808c72520f1e3c19d311cf61dc8f8a2489edb42f514f0700ec8d249d1aa43a3b3239a401e0
- SSDEEP: 24576:XmxvKJIZIcLtppgYm80Y1/3cboN2LX85C:C4IZIQm8D1fArLXv
Static task: static1
Behavioral task: behavioral1
- Sample: 8133f460c036e3e0b7c3872c66379af8d15edc13c15b172bc43eb933fb363080.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 8133f460c036e3e0b7c3872c66379af8d15edc13c15b172bc43eb933fb363080.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: host39.registrar-servers.com
- Port: 587
- Username: rinosoftoffice@potashin.us
- Password: q9 % .=I2 2 R}{$
Targets
- Target: 8133f460c036e3e0b7c3872c66379af8d15edc13c15b172bc43eb933fb363080.exe
- Size: 862KB
- MD5: b8224201e93b9374a9329bde0756ddf7
- SHA1: 1e06bd9bb28392265c2e6d72637e353747f2b9f2
- SHA256: 8133f460c036e3e0b7c3872c66379af8d15edc13c15b172bc43eb933fb363080
- SHA512: dcd6471191996bb9b77b83e89a62f6f113daf4c11f52e12b55edb4808c72520f1e3c19d311cf61dc8f8a2489edb42f514f0700ec8d249d1aa43a3b3239a401e0
- SSDEEP: 24576:XmxvKJIZIcLtppgYm80Y1/3cboN2LX85C:C4IZIQm8D1fArLXv
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext