General
Target: 5d8586ba0e3d96a8319b0670301eee02.bin
Size: 556KB
Sample: 230401-bxn8dsfa76
MD5: 0e0db86350afed601261bd0fa5e03190
SHA1: eb7339dfd49d028dd85cb69b5313d02f9e35a4ba
SHA256: 1f199bbf8f7c54db37e38565ec8cf165404538041a866ff69e71740ed15c690f
SHA512: d33ade7994ac9ef71294ff40fdb12ed7899cde7ca48888396940e0843f2eb1041a85173297db551c19c5721560df29b177b8e4b7ee94b5b6e827a36783bd1e57
SSDEEP: 12288:T9sUS4E5MKOklIZxSmzpXYk8erjKheuY3t/qKUQy7:T9sU/Ixup5jKyBKt7
Static task: static1
Behavioral task: behavioral1
  Sample: 4cd98fb6668986620818ee269211c338c653064350b2a319a25ea9ba48110050.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 4cd98fb6668986620818ee269211c338c653064350b2a319a25ea9ba48110050.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: omananilampard1@yandex.com
Password: qbkcioyfoxstxqax
Email To: omananilampard1@yandex.com
Targets
Target: 4cd98fb6668986620818ee269211c338c653064350b2a319a25ea9ba48110050.exe
Size: 680KB
MD5: 5d8586ba0e3d96a8319b0670301eee02
SHA1: 0c1bc52f55e3b35ef78197f42f32a6592a89217c
SHA256: 4cd98fb6668986620818ee269211c338c653064350b2a319a25ea9ba48110050
SHA512: e485ddebd05747743d4ee9556fb185731c8ce465dc57a57ff082574fc3b4d7779e315957f906b19bc3f90c9c5a4a7619ec2506ee245b87d41ca55d3140d16f06
SSDEEP: 12288:oeJ/sImihh+XJjR6ZiPUpEwCb+RImoQO7FZYisnSCKOQJAtimOMt+EM:tOJjQQFb+e1Bei9CKOQJAimXl

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext