General
-
Target
be58f2a6688c8c5e996f824e10864786.bin
-
Size
778KB
-
Sample
230331-cdvrhahf41
-
MD5
8a4e52b89b733b282ee334f04a9904d9
-
SHA1
7ee7ea2cc48bd9e2507ef0e7589a3e4b1322abcc
-
SHA256
748ab0ac2441a54a24ac21c558e11c23bfd4a370312bc933f9db7d2e191844a8
-
SHA512
ec9ec47d7a07d6c4b40181c139ab75d8cd44f99ec90980febc9ff6acf944a53b64c12e06706328098a30746779f03d24864d2ea0ef77ef61112de61546cd59d8
-
SSDEEP
12288:H7/vT9j8zOiSmlYisxjFatYz1LsZHht7RXDeaXsJJoQiWEV7GTIQfWW:HP1Q8mlYvjFeYz1LqPXDeoPTV74v
Static task
static1
Behavioral task
behavioral1
Sample
6afb80ce0f8163b83cf83124fa71b192233af267bd7089cfa4a9a2ff47abd854.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
6afb80ce0f8163b83cf83124fa71b192233af267bd7089cfa4a9a2ff47abd854.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: victorlog@saonline.xyz
Password: 7213575aceACE@#$
Email To: victor@saonline.xyz
Targets
-
Target
6afb80ce0f8163b83cf83124fa71b192233af267bd7089cfa4a9a2ff47abd854.exe
-
Size
1001KB
-
MD5
be58f2a6688c8c5e996f824e10864786
-
SHA1
60bdcc0e631e13da7cd580d8f8b619592b8fa148
-
SHA256
6afb80ce0f8163b83cf83124fa71b192233af267bd7089cfa4a9a2ff47abd854
-
SHA512
ea3241dfa423c2539ee9a767d2c7692487d38401c034d744ea60ba77d2308e3823069b022433846b09ce6798e49e7eb7259ad5d7894a248082cdf4090c3b9448
-
SSDEEP
24576:1L12zVZ97g/qyVPir6Bgg2ZvevwfEyWCv2FV:1LAR374smB/Kv2wf7OF
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext