General
- Target: 0792112_868.exe
- Size: 713KB
- Sample: 230403-l3pq8aea42
- MD5: 67a54b81cb3866fb01b694027ab3b44a
- SHA1: f0ec8070184b89eff79774b3f174d454d321b478
- SHA256: 5403a3c011c4f188e702aa8c8c02bb9d69d55e9da0e40f232c3f7a00cd3b6cbf
- SHA512: a1d21be815a9db671aef34c5612f6ebdb81b44c85d663e0d6bd162c5c61d8a6dc167eed8ed625ded514bcdcff6ca33dd168cd17735f973e236bfd1e3737ac5e5
- SSDEEP: 12288:w5CBWKdq1FbwwJLwrbUJeltWz6IH+ljDw7qcq6vgf5NLZJpN3qgwDWvepMHsqJN:Tfrp3UJeHWeIH+FDWXvG9XpNaPyH7
Static task: static1
Behavioral task: behavioral1
- Sample: 0792112_868.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 0792112_868.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.cnseguros.hn
- Port: 587
- Username: [email protected]
- Password: VivaXio2125
- Email To: [email protected]
Targets
- Target: 0792112_868.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext