General
Target: ba8fe3fdbbd12dbb483157149456abe8.bin
Size: 800KB
Sample: 230328-cq7ltsge39
MD5: 42c82ff44dc23cdbf1e9f77727043a4a
SHA1: 267e8a650e3c83ff536a00b81e8babe7130a5473
SHA256: 3025f0d98d7a83f68517bf42792fd435f4c2d9c7e28c87f898f8c42aa197a326
SHA512: 0a807c1149c0145312fe092331547286b1780c6c17d9577e098fc5ccfa72b226bfa4b1a34fd41876c4d97f093a3ab5cf9f612cfd010982d7c086ed5ac6f8e0d2
SSDEEP: 12288:HvUcC/CRyFEWDz+dqCe2OV9i9qPdLXWo0tk/X30qkINLGZaoXitK5EtG6i+bctmp:E/CQFzElu0oP6tsAIHQitcL6i3tG
Static task: static1
Behavioral task: behavioral1
  Sample: e3928bbb3f5c9d07d47db48ba6c4325b663894e15019a220bacee24653b4c4f5.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: e3928bbb3f5c9d07d47db48ba6c4325b663894e15019a220bacee24653b4c4f5.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: cp5ua.hyperhost.ua
  Port: 587
  Username: arnoldlog@steuler-kch.org
  Password: 7213575aceACE@#$
  Email To: arnold@steuler-kch.org
Extracted
  Protocol: smtp
  Host: cp5ua.hyperhost.ua
  Port: 587
  Username: arnoldlog@steuler-kch.org
  Password: 7213575aceACE@#$
Targets
Target: e3928bbb3f5c9d07d47db48ba6c4325b663894e15019a220bacee24653b4c4f5.exe
Size: 977KB
MD5: ba8fe3fdbbd12dbb483157149456abe8
SHA1: ded7c22a7cfd7826a8172ae5401576173aba976b
SHA256: e3928bbb3f5c9d07d47db48ba6c4325b663894e15019a220bacee24653b4c4f5
SHA512: ea06011347332fa0d609a36b575f4b2046267c8be05cce2cee2a0282607f58edcf6971477fbded0b9db38c9a986b3913c2c4ed056d97ad83b5c32f052172444e
SSDEEP: 24576:AL242pyeFMoyiuvLMELLlYF3kuvj+YJmtt6uF:ALlHoyiGLlePvj+Y8tt6
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext