General
Target: 27c159a49e654e3c14a3ceee213d61a3.exe
Size: 619KB
Sample: 230403-pthhbsef79
MD5: 27c159a49e654e3c14a3ceee213d61a3
SHA1: d3b800e97172d89503599ccaf55504943b34fdb1
SHA256: 9a580a40478fe984f873013902404ec5eec375ffa95035f3d54f66fb6cbacd5a
SHA512: dca9b96c7580c1037558adbe2b29bcbbe9a48545b2d6b6c7143cc0d6789fb53db237a548ac5906fff0c03fb642114f5ad89effda47e7a9cbcfcf97ab7ea889ec
SSDEEP: 12288:IotzLwrgczcf1bNMEO9xMI0B9WWDVaruQBsG:6P21RMhO9WWDXQ
Static task: static1
Behavioral task: behavioral1
Sample: 27c159a49e654e3c14a3ceee213d61a3.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 27c159a49e654e3c14a3ceee213d61a3.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: qbkcioyfoxstxqax
Email To: [email protected]
Targets
Target: 27c159a49e654e3c14a3ceee213d61a3.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext