General
Target: df99e5fc145c2a6b08e6107e00bf759a.exe
Size: 714KB
Sample: 230403-pyjk7aeg65
MD5: df99e5fc145c2a6b08e6107e00bf759a
SHA1: 7f4f9af387f7bfc019d5c027b6ac77b9a08f7f76
SHA256: 84049d0a55fbeae800952079704c26fba374fab217b0b26b944a0d98ac66fab4
SHA512: fc17a24e407eb550516ed30b256c6c19a6632f3fd9c98d5d61a4f3941bc3e0c9ac1d3937c2974c98607d9551c0ab939efb6f87ea8281fcea85568de499889029
SSDEEP: 12288:+5CBWKdq1FbwwJLwrxZvIOaDnjQ1RDfmazxwI+wVzsFKIWz71hk5DgxEX8:hfrpX/InQIYqQzmWVW5Dg6
Static task: static1
Behavioral task: behavioral1
Sample: df99e5fc145c2a6b08e6107e00bf759a.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: df99e5fc145c2a6b08e6107e00bf759a.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: qbkcioyfoxstxqax
Email To: [email protected]
Targets
Target: df99e5fc145c2a6b08e6107e00bf759a.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext