General
Target: 0dc62cfaa97d8e6e5b4b31770c78f47f.bin
Size: 1.1MB
Sample: 230328-bgjyqsaa4x
MD5: 33455741cc2f959c2afea47db971d97d
SHA1: 2230b29b10499428ff0eb7dd51dc92ba83f3ac19
SHA256: 037b979fdcd8a1c1b556841e302366ca9a5d567cbf2f9d6780cd4f9ce45bcbbb
SHA512: aae817b07862b771f1ad9381cb8a3d7fa50cf3c65706656c67c51086448bde5bb3a87a70345fce6751da8637b122d2997aebb5671bdb97d12591fa4d3681584c
SSDEEP: 24576:zvh1WhaaEn012lewYipHG2BBRnCW7ZlKEVeEYmwqfe+g:zyaJ08ewYs37Gjr/H
Static task: static1
Behavioral task: behavioral1
Sample: cf2168940995549a47e170ff65e038af63a8217526c9dd292eed8f98957750bb.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: cf2168940995549a47e170ff65e038af63a8217526c9dd292eed8f98957750bb.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: arnoldlog@steuler-kch.org
Password: 7213575aceACE@#$
Email To: arnold@steuler-kch.org
Extracted
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: arnoldlog@steuler-kch.org
Password: 7213575aceACE@#$
Targets
Target: cf2168940995549a47e170ff65e038af63a8217526c9dd292eed8f98957750bb.exe
Size: 1.2MB
MD5: 0dc62cfaa97d8e6e5b4b31770c78f47f
SHA1: 7bceac1bbb293d269091fb13fe086aa7af5f1966
SHA256: cf2168940995549a47e170ff65e038af63a8217526c9dd292eed8f98957750bb
SHA512: b1e168461dc6e1b5acb9b8cea9f1e70711ccf1ed71194e9c79d19da6dc65c4c88dea942e9a99589f90e33dabd2256bc07981b9c5a8004ed1212cf0dbde3cf1ad
SSDEEP: 24576:Q+vs6wgvlq0W188h4b3suhmaYwihwQwmX8zWTHF6VeZbCIXK8P5dEda5JM:Q+ExOzM4b8zwi6Q5fWexCIthdE
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext