General
-
Target
a86ebb515972e0290fe78d073a8a057ae65181ffc8f511f2ddcebe1fb9a47a5e.exe
-
Size
717KB
-
Sample
231202-k8lfbabc36
-
MD5
08ebb1813895b664712ce4b91d3ae1f7
-
SHA1
a2f15bf230124ec8c1cd658a721528e6800e4c9d
-
SHA256
a86ebb515972e0290fe78d073a8a057ae65181ffc8f511f2ddcebe1fb9a47a5e
-
SHA512
7cddbe02536f43949c33de2e084d38aac8baa42fc628bb5dd73293de26ba7e8bc5b5082d5c24ab3ea5e087e0c493c140b327ef7b88bc1834383c00a89b7ea363
-
SSDEEP
12288:ptHnV7rD6PuHzDDGrqMaofNbWQUIHs3siRN:t3DXX4qMaybXBwsi7
Static task
static1
Behavioral task
behavioral1
Sample
a86ebb515972e0290fe78d073a8a057ae65181ffc8f511f2ddcebe1fb9a47a5e.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
a86ebb515972e0290fe78d073a8a057ae65181ffc8f511f2ddcebe1fb9a47a5e.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.rmmarine.com.sg
Port: 587
Username: [email protected]
Password: Rmms201809
Email To: [email protected]
Targets
-
-
Target
a86ebb515972e0290fe78d073a8a057ae65181ffc8f511f2ddcebe1fb9a47a5e.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-