General
- Target: efbadf6608789bb0cf7196978b4d71df.exe
- Size: 685KB
- Sample: 231202-t9d73aeb47
- MD5: efbadf6608789bb0cf7196978b4d71df
- SHA1: cafd7cd91642a2753f8a1c50a9260cd24ec6d280
- SHA256: bbd571c10577d25dcdb8b4302d9e2cd872d824fb6df542997fc4819bbce147b6
- SHA512: aeb7c9ff28e307f47eef2230313a73c4bdd2ec106c019754165a74a93136448790ca96ab72475c4aeb9e91ef6180db7d3349afedb02549057e267c35cd48f994
- SSDEEP: 12288:rCQRJ0IkziYn3v1mPnxZeTzddvHl9VGe9ClflNrf/sXqZ2:lRJ6zJG3eTzHHXLClf7r3x4
Static task: static1
Behavioral task: behavioral1
- Sample: efbadf6608789bb0cf7196978b4d71df.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: efbadf6608789bb0cf7196978b4d71df.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
Extracted (agenttesla)
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
- Email To: [email protected]
Targets
- Target: efbadf6608789bb0cf7196978b4d71df.exe
- Size: 685KB
- MD5: efbadf6608789bb0cf7196978b4d71df
- SHA1: cafd7cd91642a2753f8a1c50a9260cd24ec6d280
- SHA256: bbd571c10577d25dcdb8b4302d9e2cd872d824fb6df542997fc4819bbce147b6
- SHA512: aeb7c9ff28e307f47eef2230313a73c4bdd2ec106c019754165a74a93136448790ca96ab72475c4aeb9e91ef6180db7d3349afedb02549057e267c35cd48f994
- SSDEEP: 12288:rCQRJ0IkziYn3v1mPnxZeTzddvHl9VGe9ClflNrf/sXqZ2:lRJ6zJG3eTzHHXLClf7r3x4
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext