General
-
Target
4d5a294aca53f604a1773d3d05a4c849e7aa5d08e48b62359da64ebcd22bc8c4.exe
-
Size
886KB
-
Sample
231204-v98mcaea65
-
MD5
7917fbaf428ac4ee4438cc06959108d7
-
SHA1
db4f83927ed86ba1331271ee8194a35ffddbb2df
-
SHA256
4d5a294aca53f604a1773d3d05a4c849e7aa5d08e48b62359da64ebcd22bc8c4
-
SHA512
5006f7c6cb4a3d2d068439aaf77f8dd08d4bcaa499e1873543ae36d47b925beefff0911bb1dbe712c92e66114124681d4663c1a180669eba31f633bb05e72ab2
-
SSDEEP
24576:nCCCCCCC8CpCPCCsCCSes9zKDu2X/GIPsxC1E:NdIlXJPsxCS
Static task
static1
Behavioral task
behavioral1
Sample
4d5a294aca53f604a1773d3d05a4c849e7aa5d08e48b62359da64ebcd22bc8c4.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
4d5a294aca53f604a1773d3d05a4c849e7aa5d08e48b62359da64ebcd22bc8c4.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
godwillxzn.com - Port:
587 - Username:
[email protected] - Password:
Samar561984$ - Email To:
[email protected]
Targets
-
-
Target
4d5a294aca53f604a1773d3d05a4c849e7aa5d08e48b62359da64ebcd22bc8c4.exe
-
Size
886KB
-
MD5
7917fbaf428ac4ee4438cc06959108d7
-
SHA1
db4f83927ed86ba1331271ee8194a35ffddbb2df
-
SHA256
4d5a294aca53f604a1773d3d05a4c849e7aa5d08e48b62359da64ebcd22bc8c4
-
SHA512
5006f7c6cb4a3d2d068439aaf77f8dd08d4bcaa499e1873543ae36d47b925beefff0911bb1dbe712c92e66114124681d4663c1a180669eba31f633bb05e72ab2
-
SSDEEP
24576:nCCCCCCC8CpCPCCsCCSes9zKDu2X/GIPsxC1E:NdIlXJPsxCS
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-