General
Target: 5ee155fa83f79ff60dd0cfa27b7298cf4c1115e46db59a078ce7daa82d8740f7
Size: 577KB
Sample: 230829-jnld5sdh4y
MD5: 0ca8432e0b16e6306f1ec9eff5ca44f5
SHA1: d1ad34402cda1e382ec5c3e255b38463337b67b4
SHA256: 5ee155fa83f79ff60dd0cfa27b7298cf4c1115e46db59a078ce7daa82d8740f7
SHA512: ef6bea7030ede3d6b926901c80bce0622fc9c545740435212c1e140a83a23b6c733d7c26ea0269791f640d807151346a92bbe2139fc132c959e6364ceb850c8c
SSDEEP: 12288:h23adeOlgh7A4WAAyIZ6+F/LRDQlduuYlEdYKjOtUgT:Yad3Oh7ATu+FdDouuYlWYky
Static task: static1
Behavioral task: behavioral1
  Sample: PRT 1012 DETAILS.exe
  Resource: win7-20230824-en
Behavioral task: behavioral2
  Sample: PRT 1012 DETAILS.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: RuggedPw321!
Targets
Target: PRT 1012 DETAILS.exe
Size: 989KB
MD5: 3f8ad2097c025429fd84ee661df2dac5
SHA1: 1396753e43102fe9f0ec40c434e7af6d7ef861a1
SHA256: f6c0ee9a2c07d5a3ce6faaca8842323f54eaba4175caef56fe4736d868db1ca0
SHA512: 6006d6d98515a178b9fc8c0623b0456a70282f07a56c62c2c398e47d46972369d76b0c72d03952a673261cfa3656ac4ebc6df219f3576a4d542a95a3586ca5fb
SSDEEP: 12288:6s8BBtnm3n0He9DlpzIpk1qaxbxQxkT4/rJw8flwykcnM9lPuTO47QpilQP/dUBu:Jh7ETyypVDmu8YJ8Y2q6
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Suspicious use of SetThreadContext