General
-
Target
7d34c665021b9bb48eac42f853d0272d.bin
-
Size
587KB
-
Sample
230402-b4anksfc8v
-
MD5
2e749b2cf504e936f744f2190cc3c532
-
SHA1
f9bbe88cc3a889374d164111e4e65f5ba96be14a
-
SHA256
5f962c106a415b8f0787b589becb09e4e948ba14801c563ecb6287bb643db388
-
SHA512
f02c1bf9258c6f04e6715ca85ffdf8141654cd0a152d82ace9e1e5cd30263c40ef9c8bd9d439c57b3a7d834a83aef216d066e9d93fc0ae6d4a1b4b47ea2fca77
-
SSDEEP
12288:6FxUW/0yg43rZDQdoFHMLR9QEAufaM38W9qjZ7pAf/R51K7xxmbkNuIuKg9nk:5Wsy/FD/0R9RA2x9qjZsq7xxmwNufK+k
Static task
static1
Behavioral task
behavioral1
Sample
90e926a50fdd51897942e407e917649f7cfdac92a9f95cc73d263c8f7fff695e.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
90e926a50fdd51897942e407e917649f7cfdac92a9f95cc73d263c8f7fff695e.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: HNnNLPY3
Email To: [email protected]
Targets
-
Target
90e926a50fdd51897942e407e917649f7cfdac92a9f95cc73d263c8f7fff695e.exe
-
Size
706KB
-
MD5
7d34c665021b9bb48eac42f853d0272d
-
SHA1
0f874e935da3f58a06a4d28d8786811e0883574a
-
SHA256
90e926a50fdd51897942e407e917649f7cfdac92a9f95cc73d263c8f7fff695e
-
SHA512
7950cc2b634bc3233e8a2e3672d3ae48102408b940f472bbe68ffde139981ff94304bc7cd4a1b2e46b59819fa15800ca4040e5b51c24d46e4b228115e87483ea
-
SSDEEP
12288:qxVqHHYCPjimOMt+ryNN9wP+9x+aCyNGZdnnKbLctqg3nZoZzwa:qxVqHHYOimXYyNNOPOlfNLbRkZ6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext