General
-
Target
NV-JRH250119115.exe
-
Size
1.0MB
-
Sample
230403-qbgnraeh57
-
MD5
98830e215ee0b2944e67772fa0ea3e9f
-
SHA1
c3e10064de9528c55483f8cb1f8a50c5f9766240
-
SHA256
66cfc79f6ab40d3fd5c394dd9e44f58dfa9ee7d2e2d105ac8ad6f181bbb5ebe8
-
SHA512
9aa5ede0bf1b056310a8b1fb268bb2731af06cef4e67f6fec1a8d6383c9836fabb48b0f562355eb2254670e74ca761937fed7b83396a72df11eec2edefe897c4
-
SSDEEP
12288:3RIPtZxZKCDxjwjZ7/qQVV37QPBufaVTKA+yHXv+mAyywVzjZ3UcW+/xDrqllste:3RIPtZxZKitUxlOqa4O3v+mewVH3
Static task
static1
Behavioral task
behavioral1
Sample
NV-JRH250119115.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
NV-JRH250119115.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.focuzpartsmart.com - Port:
587 - Username:
[email protected] - Password:
FpmJhn@2023 - Email To:
[email protected]
Targets
-
-
Target
NV-JRH250119115.exe
-
Size
1.0MB
-
MD5
98830e215ee0b2944e67772fa0ea3e9f
-
SHA1
c3e10064de9528c55483f8cb1f8a50c5f9766240
-
SHA256
66cfc79f6ab40d3fd5c394dd9e44f58dfa9ee7d2e2d105ac8ad6f181bbb5ebe8
-
SHA512
9aa5ede0bf1b056310a8b1fb268bb2731af06cef4e67f6fec1a8d6383c9836fabb48b0f562355eb2254670e74ca761937fed7b83396a72df11eec2edefe897c4
-
SSDEEP
12288:3RIPtZxZKCDxjwjZ7/qQVV37QPBufaVTKA+yHXv+mAyywVzjZ3UcW+/xDrqllste:3RIPtZxZKitUxlOqa4O3v+mewVH3
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-