General
Target: 700c5c6591caf57d5ab26431ccfb4510.exe
Size: 796KB
Sample: 230328-hzdb8she65
MD5: 700c5c6591caf57d5ab26431ccfb4510
SHA1: c22497fd81c4b6e05a91253b2afd67161208c165
SHA256: 8382a6ee4216faec05fbd17a082a85a05c4878ba1dbc440744439a5011eea035
SHA512: 8e6340f82c903635057fd03cf15ea57903bebfe44493e8a4e4feae714783a4eb20ce6fa6a67c61f33062ebac3e015371cf25b2499c0f03b81f1560e9a5491699
SSDEEP: 24576:+dVZ92k/LdTBp3BKPZ18neFAphXETc4vgeN:K32k/LdXBg1NqAZ
Static task: static1
Behavioral task: behavioral1
Sample: 700c5c6591caf57d5ab26431ccfb4510.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 700c5c6591caf57d5ab26431ccfb4510.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: victorlog@saonline.xyz
Password: 7213575aceACE@#$
Email To: victor@saonline.xyz
Targets
Target: 700c5c6591caf57d5ab26431ccfb4510.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext