General
- Target: 6def904f769fe8ef1e3da3e4305fd36fc162176a
- Size: 434KB
- Sample: 230114-p3pyrsfe97
- MD5: f25a05273ba3897ae6d5211dd42bf896
- SHA1: 6def904f769fe8ef1e3da3e4305fd36fc162176a
- SHA256: 87e32aa4c7cdad4872573c0d62e51e9256d1c774dbdebd2cb2e706734aa69e1f
- SHA512: 52050da9da3a70d4c39a05ebfb720998b0b98c077b6996985cce7924711389df7196da8d85e53723b24f17c311dab0551b087161283d46ba1756f6cd2d06f0a2
- SSDEEP: 6144:uYa63eDljYsa/ahTp42vAHkp2xv/hQ8MUlEeYBbE:uYMlMsgET1vRp2VpQ8MuvYBbE
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 6def904f769fe8ef1e3da3e4305fd36fc162176a.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: 6def904f769fe8ef1e3da3e4305fd36fc162176a.exe
  - Resource: win10v2004-20221111-en
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: mail.sseximclearing.com
- Port: 587
- Username: [email protected]
- Password: Ssxm@9854
- Email To: [email protected]
Targets
- Target: 6def904f769fe8ef1e3da3e4305fd36fc162176a
- Size: 434KB
- MD5: f25a05273ba3897ae6d5211dd42bf896
- SHA1: 6def904f769fe8ef1e3da3e4305fd36fc162176a
- SHA256: 87e32aa4c7cdad4872573c0d62e51e9256d1c774dbdebd2cb2e706734aa69e1f
- SHA512: 52050da9da3a70d4c39a05ebfb720998b0b98c077b6996985cce7924711389df7196da8d85e53723b24f17c311dab0551b087161283d46ba1756f6cd2d06f0a2
- SSDEEP: 6144:uYa63eDljYsa/ahTp42vAHkp2xv/hQ8MUlEeYBbE:uYMlMsgET1vRp2VpQ8MuvYBbE
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext