General
-
Target
94ad0ebd6edbf7b06cc194abb9d35a8bd8ce47245a99b603bce5a2c459bc875b
-
Size
692KB
-
Sample
231203-1pt64sff2w
-
MD5
a0187b818def9365be23b0f345e6aecf
-
SHA1
173aa9a1d29f64fecd62603431cd9c3b2910d86e
-
SHA256
94ad0ebd6edbf7b06cc194abb9d35a8bd8ce47245a99b603bce5a2c459bc875b
-
SHA512
a16bbd84a569e0b699793188efa82fd0fe0eaa6650abef0eb7f2f6c3791a04ddebb9e8640bff9301dcb3dc01aa51c710a177dd3d0c637c189dc215a47355f73b
-
SSDEEP
12288:E2iNtI4LutaSdiq/Soi+GdO3WLPr2KovO/HWMPYnzHVBZNKICZ:E1/u1vvUdvLPSKovOtPGBmF
Static task
static1
Behavioral task
behavioral1
Sample
94ad0ebd6edbf7b06cc194abb9d35a8bd8ce47245a99b603bce5a2c459bc875b.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.royalwealth.space
Port: 587
Username: [email protected]
Password: sQxM4AdAZ5kY7As
Email To: [email protected]
Targets
Target
94ad0ebd6edbf7b06cc194abb9d35a8bd8ce47245a99b603bce5a2c459bc875b
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of SetThreadContext
-