General
Target: bc45b922013144e6fbe095ccea82708100d7b9d28aeae8de3b86df387d9a10be
Size: 798KB
Sample: 230331-jsw2fagh69
MD5: 11e598d1494e0b39fd8e49f053dbb5da
SHA1: 3b63d75fa6a7532ccbe51bd0851e495c20a0aa0a
SHA256: bc45b922013144e6fbe095ccea82708100d7b9d28aeae8de3b86df387d9a10be
SHA512: 65bb3d1c8e78355da8dc490542f576098e96fa0b64f3c447e5ed928b44926b747125cbc912dbfbb3c0a38ae7e70dd4f681f8c4e944f7c4f7673798ea8b3f7103
SSDEEP: 24576:BqYFky9S1VKBY9mUJNVaPdrCshimX5nlHw:E4/S1VKmmUJNAPdrConlHw
Static task: static1
Behavioral task: behavioral1
Sample: bc45b922013144e6fbe095ccea82708100d7b9d28aeae8de3b86df387d9a10be.exe
Resource: win10-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: victorlog@saonline.xyz
Password: 7213575aceACE@#$
Email To: victor@saonline.xyz
Targets
Target: bc45b922013144e6fbe095ccea82708100d7b9d28aeae8de3b86df387d9a10be
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext