General
Target: cdde99520664ac313d43964620019c61.bin
Size: 556KB
Sample: 230403-bw6q2scb23
MD5: 2bf2f6364687411bb3af5ce3dc4c91cd
SHA1: d04aa32a56e33927205b99b0da533e52a19a8e0f
SHA256: 6bab2779e2d043efd0ded0a38b792293177f09da9e3c8afd62cb1c211fef98c3
SHA512: 355ce4768e8bc16cd2c95cd4570fa4c89339e4cbab0aec1869b1046a239dcfea646de74ec5f246a92a9131040ce6a52a765aa6adceec841383a47fbd5f298764
SSDEEP: 12288:TKPcpLEbSlalxzstRs4MvrkUb3GJEZsHzsNx8LA9EAdg2b:TKvbHlxQmvrkUIEZM4Nx8MvdB
Static task: static1
Behavioral task: behavioral1
  Sample: 40618ab352c23e61bb192f2aedd9360fed2df2a25d42491d0ab56eda5c2db558.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 40618ab352c23e61bb192f2aedd9360fed2df2a25d42491d0ab56eda5c2db558.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.japhethpumps.com
Port: 587
Username: [email protected]
Password: #BkvzVF2
Targets
Target: 40618ab352c23e61bb192f2aedd9360fed2df2a25d42491d0ab56eda5c2db558.bin
Size: 616KB
MD5: cdde99520664ac313d43964620019c61
SHA1: 8bac76a32bccaef31aa2bbdc59910a2b844040eb
SHA256: 40618ab352c23e61bb192f2aedd9360fed2df2a25d42491d0ab56eda5c2db558
SHA512: 27ac3a7153355fb9e9602bd2f16fc8d4ad8cc0d8585da76a6f2c86d7eb6bd202c9dc04a0b1174e5860a679edf0ab09d6306590f125cbe4761f45598e231ef11d
SSDEEP: 12288:tf49Cf410BWcfBSkQvQ3btOUMRZonhFsc0Z7Y2PWGPtW2:echFckQIYPRSnfAVTW
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext