General
-
Target
e51a98a2c15615f46cd415365fff4a350f66fb2225d3ca8a7543dedda915bfc3
-
Size
624KB
-
Sample
231201-flte7afb8v
-
MD5
1fe2ab407729f2892fe38a2871ef3e59
-
SHA1
ecbb28be546c98fb60c7a2f1fab3074aed50f27e
-
SHA256
e51a98a2c15615f46cd415365fff4a350f66fb2225d3ca8a7543dedda915bfc3
-
SHA512
6e4c0a97df2e8ec55bb8173e4ff7979defcdf14a8b58f7a30db70998a40ccc16c4d16d5719d75edc8346d691d39a235ea3dd8097afe0004c6369c26932b96f2f
-
SSDEEP
12288:Ex1np9HkF2QZER/dBclvcnfgXbXnj1H1cpq8FxtUUhY1WUhYrZXZl:cp+ZEnBfYXz91cFxrhY1NhUXZl
Static task
static1
Behavioral task
behavioral1
Sample
B.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
B.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
EwQnrCo8
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
EwQnrCo8 - Email To:
[email protected]
Targets
-
-
Target
B.exe
-
Size
676KB
-
MD5
efd1e7f9f2d9502c5b4879cb4f6ba765
-
SHA1
efbe91f6785af6529376cfe60354320df9a75ceb
-
SHA256
93e2033791b15d59db067f6cf052ba6e7ff1e1539390cf0f8b0c1c5bcd78d370
-
SHA512
22584da689ca4b0d99f05bc93991726ddf3c0f89621c68587626fda7e08f68b7f63f967df092b72b7a144e99f38c5b436046f7d6b474f6b50049a89b1b14ff6f
-
SSDEEP
12288:lCJZJUIwnqZVRXZLMlDcnngXNNnR1J1KHqub7XU0hY1qioGcNsWSurtoe:6ZJYmLLRgXrZ1K173hY17gs5urj
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-