General
Target: a4922460a18c2133dd7cf50f5c7428a3.exe
Size: 653KB
Sample: 230330-whfb6afb4x
MD5: a4922460a18c2133dd7cf50f5c7428a3
SHA1: b986952aaf9cf2bd684162de6cd2321545f2a6c4
SHA256: 2d839f4c436d5d238e52787682dba7eced27e04756bc15472f4e5e62c9805715
SHA512: a64b1c9b62e5527aba6617307955d8554dc041331ae78f654e81c826013ec7ad517fba1c7e194ef77f204b1717a8621e225c93d3c72aa8de59d579f22677321b
SSDEEP: 12288:GGSmdH9eGvay8s3KGHHhFda1RAN9ZXe7PmkVxpEgHfyRou/FvYxcjP18eimOMt+:GYdH9eGiY3FnI1RAteTrgSux7PhimX
Static task: static1

Behavioral task: behavioral1
Sample: a4922460a18c2133dd7cf50f5c7428a3.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: a4922460a18c2133dd7cf50f5c7428a3.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: omananilampard1@yandex.com
Password: qbkcioyfoxstxqax
Email To: omananilampard1@yandex.com
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext