General
- Target: ohoyeczx.exe
- Size: 794KB
- Sample: 230327-pzmdgafe6v
- MD5: 6a528cfff5999cf090f5794fc86cadcf
- SHA1: d8dd1639f879dd0c6af6bb308d4558e42c0979f2
- SHA256: 6a0087305c0345b6a7323d488f9d9e57d0ee4972ebb132b89f1192994b8c78fa
- SHA512: 1e2e4a8099f81d06bbbf772263fef78b652d9d788d957fff8700d9ec7294cced964962411114333ecc0365f30b9ed5b02bd21e43a214d10bcc03c9f44732fa9d
- SSDEEP: 12288:pA5iB0Opa8o7k0yMpuNzrq5hhcSqVRYIwHott85c3t4JhZ:pA567DdMgNzrijewxHinID
Static task
- static1
Behavioral task
- behavioral1
  - Sample: ohoyeczx.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: ohoyeczx.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: omananilampard1@yandex.com
- Password: qbkcioyfoxstxqax
- Email To: omananilampard1@yandex.com
Targets
- Target: ohoyeczx.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext