General
-
Target
0126112322618366253761236701.exe
-
Size
788KB
-
Sample
231203-tt6x5sda6t
-
MD5
5fc03606153df43c6cafaed1b281a17e
-
SHA1
cb27e1954898a3da99e731f4bbf6f00c9fdf281e
-
SHA256
2b0b839d4f9f78fba2a72fe526f4f56a8e1ea4d1e0585bfce395ca2715985b83
-
SHA512
c0a0b6dd0b1cdc309ad28c213895dd8e8afb4fec7ac81fa268eb369f6ef7a3ab70807e8b3d10dd4b3b85d6cdcf626521b0c4fe5f328cb3acb22ecf72af1cf9be
-
SSDEEP
12288:ZxiMvsEqYE2uXgq5ZYJX4698KlpvsVYBhjiW3t/GUG8Kwm+HJK4ENz1s:ZcMjPKoo6lvOYBNiWd/s8KwbENe
Static task
static1
Behavioral task
behavioral1
Sample
0126112322618366253761236701.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
0126112322618366253761236701.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: godwillxzn.com
Port: 587
Username: [email protected]
Password: Samar561984$
Email To: [email protected]
Targets
-
-
Target
0126112322618366253761236701.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of SetThreadContext
-