General
-
Target
59494a51618f234021c0dae2d87667ce9e431b8a75a1b4952d3e48bf71492fbb.zip
-
Size
830KB
-
Sample
231203-dq3tbahc7y
-
MD5
0df72c8341653da7ffa5fe7a2f3cc4d7
-
SHA1
0fdeaff6ea5103feb37a303f661cd5ad4457d78d
-
SHA256
26b50a4bab3006b3d5212c684309a83c0cafe86470b8df34dba46072fff84db7
-
SHA512
5d4078f7179f6b0055f8c20b4dd53dd459b8eba5ded72ebb6a4e49e968d5c11a14ca18bb0e45c6bbb24b237bfb8e6cc7898c6d82331bc4ee7ad07798685fa902
-
SSDEEP
24576:vyRpLfW/sSLPBGtjR/lYJUGrvwKvZByvUBFUBf:4jSsOPBGbGMKvZqLf
Static task
static1
Behavioral task
behavioral1
Sample
59494a51618f234021c0dae2d87667ce9e431b8a75a1b4952d3e48bf71492fbb.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
59494a51618f234021c0dae2d87667ce9e431b8a75a1b4952d3e48bf71492fbb.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.sseximclearing.com - Port:
587 - Username:
[email protected] - Password:
Ssxm@9854 - Email To:
[email protected]
Targets
-
-
Target
59494a51618f234021c0dae2d87667ce9e431b8a75a1b4952d3e48bf71492fbb.exe
-
Size
2.1MB
-
MD5
8168481e7fcc45a8c01adc93985bf29c
-
SHA1
28e8c9bd9b0274ab5767e47c263d46b174e780d7
-
SHA256
59494a51618f234021c0dae2d87667ce9e431b8a75a1b4952d3e48bf71492fbb
-
SHA512
b241186b7de203b5ed910b6e3abda1cdbf1fd5a19a2f7d743fbc9906d71a1a4a429bffd1f37ceb6b976aa1069f5865bacd1ed32540d0af04633cc585317bba3f
-
SSDEEP
24576:tipf1GQCFmAQEjlvZpLcOq4aBgzGWTAB:SoFllVq4DzGWTAB
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-