General
-
Target
83aa41a7f164cf8e0d298b48a95f406560e3c49d42dfc7f0430eb54f61840add.exe
-
Size
814KB
-
Sample
221209-we3y2sdf84
-
MD5
2ffe57a9542324cb976388289368e47f
-
SHA1
0141d58dc4327faeb76da5152c2d83003c2dd90c
-
SHA256
83aa41a7f164cf8e0d298b48a95f406560e3c49d42dfc7f0430eb54f61840add
-
SHA512
f458f21a6305adae267e2d4fa48f4af5f43170bd1dfbad2c5455b87b2f0737fed83cbc610491549252b4d9f4f17156bcee89d25e396830dfe8f6de0e6a01c7cb
-
SSDEEP
12288:2EVq7T/tR1CU7PXlZGx5HHfB1xMqLppKlSwx7IkNa:In1mU765H51xMq6Qw+ma
Static task
static1
Behavioral task
behavioral1
Sample
83aa41a7f164cf8e0d298b48a95f406560e3c49d42dfc7f0430eb54f61840add.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
83aa41a7f164cf8e0d298b48a95f406560e3c49d42dfc7f0430eb54f61840add.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.svcnc.com - Port:
587 - Username:
[email protected] - Password:
Krupashine@6791 - Email To:
[email protected]
Targets
-
-
Target
83aa41a7f164cf8e0d298b48a95f406560e3c49d42dfc7f0430eb54f61840add.exe
-
Size
814KB
-
MD5
2ffe57a9542324cb976388289368e47f
-
SHA1
0141d58dc4327faeb76da5152c2d83003c2dd90c
-
SHA256
83aa41a7f164cf8e0d298b48a95f406560e3c49d42dfc7f0430eb54f61840add
-
SHA512
f458f21a6305adae267e2d4fa48f4af5f43170bd1dfbad2c5455b87b2f0737fed83cbc610491549252b4d9f4f17156bcee89d25e396830dfe8f6de0e6a01c7cb
-
SSDEEP
12288:2EVq7T/tR1CU7PXlZGx5HHfB1xMqLppKlSwx7IkNa:In1mU765H51xMq6Qw+ma
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-