General
-
Target
Quantity breakdown.exe
-
Size
1.0MB
-
Sample
230327-xt58dseh52
-
MD5
5c9c5ff4c2b459caa1c17d77a0780404
-
SHA1
3837ed0d13c37d1edf4c8ef45ac77a9528af35f2
-
SHA256
02e4cc9a5bd09bafa5384bdf00f60f7b8bc31f7314466150d137da53a260e46c
-
SHA512
32705264c13396daca41057f665ba071ebabe346f9514a0b1d04f8e96c51e3e245cdc9f261bcd7a1223970772103f05a99d72950d8932ea61a33f21cdcfc45ca
-
SSDEEP
24576:G5U6hLdFCrvq3B/sI3wOzitPFrEYcWKB5LdFGLdFmD41:mTfFCjqJ3wOziplmZ1FuF44
Static task
static1
Behavioral task
behavioral1
Sample
Quantity breakdown.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Quantity breakdown.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: ghostboylog@saonline.xyz
Password: 7213575aceACE@#$
Email To: ghostboy@saonline.xyz
Targets
-
Target
Quantity breakdown.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-