General
Target: 92b778e6419a8f632fef4768e97f7075.exe
Size: 623KB
Sample: 230403-pt342aef89
MD5: 92b778e6419a8f632fef4768e97f7075
SHA1: 7c4d96617b6ecf6188273603b549ee166f30cfa1
SHA256: 44ef1bf0090143868b6397ac30c5a5f3ea6b83dc8013cb4b57c691ddb5d88b9b
SHA512: 32b933cfad9b020a059e5d0a8e99c341c88909269f097457a26393253d2de7ca9f84424f4ead9916da0a7ffe25af104fbd676fd21137c32b779b3c24fa029623
SSDEEP: 12288:johtzLwr+6groWG01dZ33daezVE69Lb7gKtaAEpf6QCtOy:hi7J3z3t869Lb7ftaAEpfPC8
Static task: static1
Behavioral task: behavioral1
Sample: 92b778e6419a8f632fef4768e97f7075.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 92b778e6419a8f632fef4768e97f7075.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
Targets
-
-
Target
92b778e6419a8f632fef4768e97f7075.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-