General
- Target: a2d66e4146380e9e6567abc6e21747dc.exe
- Size: 715KB
- Sample: 230403-pyjaeseg63
- MD5: a2d66e4146380e9e6567abc6e21747dc
- SHA1: fdb55f6cd135427979b8b1d13a7257cb44ca0273
- SHA256: fb373eca894b2523afbe1c0bfb7df775820e458d493a1e6df94e5da79ff7e232
- SHA512: bfaa7f51946ed164ea6ff7b951a9e3751a25636084c59123d320317ad3355a94c8eb2a74c028212773d5db738ee6589b098ccae7cfe10a0c0f8406a888c92f55
- SSDEEP: 12288:C5CBWKdq1FbwwJLwre7d7u/wweahzyUX6FHCBDzpGey15KZ2ZLZiAXx:tfrpOopeaZJ1z215eqzx
Static task: static1
Behavioral task: behavioral1
- Sample: a2d66e4146380e9e6567abc6e21747dc.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: a2d66e4146380e9e6567abc6e21747dc.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
Targets
- Target: a2d66e4146380e9e6567abc6e21747dc.exe
- Size: 715KB
- MD5: a2d66e4146380e9e6567abc6e21747dc
- SHA1: fdb55f6cd135427979b8b1d13a7257cb44ca0273
- SHA256: fb373eca894b2523afbe1c0bfb7df775820e458d493a1e6df94e5da79ff7e232
- SHA512: bfaa7f51946ed164ea6ff7b951a9e3751a25636084c59123d320317ad3355a94c8eb2a74c028212773d5db738ee6589b098ccae7cfe10a0c0f8406a888c92f55
- SSDEEP: 12288:C5CBWKdq1FbwwJLwre7d7u/wweahzyUX6FHCBDzpGey15KZ2ZLZiAXx:tfrpOopeaZJ1z215eqzx
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext