General
Target: 957bb2e849b57f5e806b98fcd41d48cb0dd20dda233570223031e38b380029e3
Size: 706KB
Sample: 230331-fgl6bage69
MD5: 73ab9541dc29cedb5e963ab383902f05
SHA1: cf1b13c64053a9a1768357a1877b656f77a0c34b
SHA256: 957bb2e849b57f5e806b98fcd41d48cb0dd20dda233570223031e38b380029e3
SHA512: 2d03e01391702550266a77c62f5f548a3b405d7df3264b58fa9bf74b7d624b380408512046478ef2fdca23830b55414535386001e2db2a010b3deabc65367fd3
SSDEEP: 12288:/xblHGYCP+lIQoug1ra+ooljTFHpIhkX8NQJsvGjuhCsSNM9NimOMt+:/xblHGYek6j5HpIh1Q4Xh7SW9NimX
Static task: static1
Behavioral task: behavioral1
Sample: 957bb2e849b57f5e806b98fcd41d48cb0dd20dda233570223031e38b380029e3.exe
Resource: win10-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: victorlog@saonline.xyz
Password: 7213575aceACE@#$
Email To: victor@saonline.xyz
Targets
Target: 957bb2e849b57f5e806b98fcd41d48cb0dd20dda233570223031e38b380029e3
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext