General
-
Target
b6f2ee3dbb723733889d1022a57910e6dbd5a5f86d8a1d7c8e06f9c0ffaf84b6.exe
-
Size
613KB
-
Sample
231202-jeaw2sae59
-
MD5
39fb75762707ccd673d011de0128d4f1
-
SHA1
6856c0d143a47c02812ba6ef93b3dbaacf06ff4d
-
SHA256
b6f2ee3dbb723733889d1022a57910e6dbd5a5f86d8a1d7c8e06f9c0ffaf84b6
-
SHA512
dc25cdfa1f836c362f7e1e59f36dd4fcd0502ef0d8e3cffb1efeadc3a101780131b77775932a5e3dbfd01ac12bae9ec2acb333eab8890e4389b2f0310282da0c
-
SSDEEP
12288:ZqfLYYZXTyVUXrkW/9ohMj9l+POEkCEeTffmPmWNC7SXXBIUFSD4/kcJTWB8YI:sXTC+Qyj+Tv3qmWbn6CdLJTxY
Static task
static1
Behavioral task
behavioral1
Sample
b6f2ee3dbb723733889d1022a57910e6dbd5a5f86d8a1d7c8e06f9c0ffaf84b6.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
b6f2ee3dbb723733889d1022a57910e6dbd5a5f86d8a1d7c8e06f9c0ffaf84b6.exe
Resource
win10v2004-20231201-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.royalwealth.space - Port:
587 - Username:
[email protected] - Password:
sQxM4AdAZ5kY7As - Email To:
[email protected]
Targets
-
-
Target
b6f2ee3dbb723733889d1022a57910e6dbd5a5f86d8a1d7c8e06f9c0ffaf84b6.exe
-
Size
613KB
-
MD5
39fb75762707ccd673d011de0128d4f1
-
SHA1
6856c0d143a47c02812ba6ef93b3dbaacf06ff4d
-
SHA256
b6f2ee3dbb723733889d1022a57910e6dbd5a5f86d8a1d7c8e06f9c0ffaf84b6
-
SHA512
dc25cdfa1f836c362f7e1e59f36dd4fcd0502ef0d8e3cffb1efeadc3a101780131b77775932a5e3dbfd01ac12bae9ec2acb333eab8890e4389b2f0310282da0c
-
SSDEEP
12288:ZqfLYYZXTyVUXrkW/9ohMj9l+POEkCEeTffmPmWNC7SXXBIUFSD4/kcJTWB8YI:sXTC+Qyj+Tv3qmWbn6CdLJTxY
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-