General
Target: c590f753b04774ae8e45fdece3d31ceafc9df7445a1473e63fc281cad03b5488.exe
Size: 351KB
Sample: 231202-jdgm7sae49
MD5: ebdf9dcf04da8f500480fd73171e6b7d
SHA1: e30c81881d0933f4a03a692345cc4c7cce6d571f
SHA256: c590f753b04774ae8e45fdece3d31ceafc9df7445a1473e63fc281cad03b5488
SHA512: e714241ccefb2f854b7f21274bc7af00bf63b751fc1edf361fd810a83deacf9d98cea2e1f6836f05f6c73eebb0f62cbfcbacdd08c498dc0fc581312242856205
SSDEEP: 6144:wBlL/COT4k6135ecz+IyDJy6Fc/bFQ0odCih1TTZT732b58Oqa8OYRVjogSryENs:CE461JX+IyDJysc/9odCETT5y58OFgKe
Static task: static1
Behavioral task: behavioral1
Sample: c590f753b04774ae8e45fdece3d31ceafc9df7445a1473e63fc281cad03b5488.exe
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: c590f753b04774ae8e45fdece3d31ceafc9df7445a1473e63fc281cad03b5488.exe
Resource: win10v2004-20231130-en
Malware Config
Extracted
Protocol: smtp
Host: mail.nmsltd.com.tr
Port: 587
Username: [email protected]
Password: nms190019
Targets
Target: c590f753b04774ae8e45fdece3d31ceafc9df7445a1473e63fc281cad03b5488.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext