General
-
Target
baa8f36bbac74541c841caa0a891d8913224001d33452bcd735754b663e67bd2.exe
-
Size
650KB
-
Sample
231202-jeqx9sae65
-
MD5
987a2dd36bf202de190bb71bdba080b7
-
SHA1
3609ffe72f3982c9fc7a8199bcc2b9fb88f6771f
-
SHA256
baa8f36bbac74541c841caa0a891d8913224001d33452bcd735754b663e67bd2
-
SHA512
3a29940db9875c030b2ab9d9911ebbc6c0c64a1ca4037931eb38b023f16b70a609feceb95b243af5698ac9dc39320795ce6c857f537a5f4e9254332b13b237dd
-
SSDEEP
12288:PHbA7SxtLLhNYWW8KBq/o0/mw9IvoOa4yqCL8Y3d00Yvog2aAFQR0/jkwNmopox:USvtZ4Y/CvobQYS0YvWAokeme
Static task
static1
Behavioral task
behavioral1
Sample
baa8f36bbac74541c841caa0a891d8913224001d33452bcd735754b663e67bd2.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
baa8f36bbac74541c841caa0a891d8913224001d33452bcd735754b663e67bd2.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.crusatabogados.com - Port:
587 - Username:
[email protected] - Password:
Ticote42? - Email To:
[email protected]
Targets
-
-
Target
baa8f36bbac74541c841caa0a891d8913224001d33452bcd735754b663e67bd2.exe
-
Size
650KB
-
MD5
987a2dd36bf202de190bb71bdba080b7
-
SHA1
3609ffe72f3982c9fc7a8199bcc2b9fb88f6771f
-
SHA256
baa8f36bbac74541c841caa0a891d8913224001d33452bcd735754b663e67bd2
-
SHA512
3a29940db9875c030b2ab9d9911ebbc6c0c64a1ca4037931eb38b023f16b70a609feceb95b243af5698ac9dc39320795ce6c857f537a5f4e9254332b13b237dd
-
SSDEEP
12288:PHbA7SxtLLhNYWW8KBq/o0/mw9IvoOa4yqCL8Y3d00Yvog2aAFQR0/jkwNmopox:USvtZ4Y/CvobQYS0YvWAokeme
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-