General

Target: a450a789e4b6206560eaf44eeedd33877d4da84af34401609dd9415993fdec1b
Size: 393KB
Sample: 231205-vbabwsce5v
MD5: c001f0fde6a27f5a9b53fb7ae8beb3e8
SHA1: 75d8f1c7716668be551697c5892f3d49e43971a7
SHA256: a450a789e4b6206560eaf44eeedd33877d4da84af34401609dd9415993fdec1b
SHA512: 63abe005f4d0b3e2e991fa2dd3f3b6ad8942f88fbceb1da04816331367229b37bcd8f4d9f8b982a055de3c6dda03f2f6e94419c608fecf6e93edb0ab4afa8140
SSDEEP: 12288:vbR8emrIWx1dDnjuQeUixYZa85JMlIc52JE:vbSewIM3nxtz+P2JE
Static task: static1
Behavioral task: behavioral1
  Sample: PO OAU_NOVQTRFA00541·PDF.scr
  Resource: win7-20231130-en
Behavioral task: behavioral2
  Sample: PO OAU_NOVQTRFA00541·PDF.scr
  Resource: win10v2004-20231127-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected] (address redacted on the page)
Password: breijhyswzsjmyqd
Email To: [email protected] (address redacted on the page)
Targets

Target: PO OAU_NOVQTRFA00541·PDF.scr
Size: 727KB
MD5: 3e446e855e9cbb24f986e82d74235f1f
SHA1: d07483cdb80d1d3dde568fae195dd95fc601bb8f
SHA256: 85afa1fe2006ce7c80adc4d5bea761ca28a4df2a7e8119207c0590a3fa2859b5
SHA512: 81f2c48619a010c5dbe6b2cd4500e0ad317ac1677b5f70b9918e173b2f6016de6e066d95baf00694a8bab8ef1000372e9b146003ddb8ac1a0ca6df6e48958793
SSDEEP: 12288:LghMhXxJBL5v28jwGvA88fKr7HLdcwywfZGAH:LpjVvZbSfmXd7ywf
Score: 10/10

AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer; builds seen in the wild are compiled from Visual Basic .NET or C#. This sample exfiltrates over SMTP to the mailbox in the extracted config (TLS submission port 587 on smtp.yandex.com, a public mail provider, so the host alone is a weak blocking indicator; the account and the sending process are the stronger ones). The file name imitates a PDF purchase order, but the .scr extension marks it as a Windows screensaver executable.

Suspicious use of SetThreadContext
SetThreadContext overwrites a thread's saved register state. Outside debuggers, its common malicious use is the process-hollowing step that points the instruction pointer of a suspended thread at an injected payload, so the signature is most meaningful when the same caller has also written into the target process (WriteProcessMemory) and then resumes the thread (ResumeThread).
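The two behavioural indicators the report exposes (the SMTP exfiltration config and the SetThreadContext signature) can be turned into triage logic. The Python below is an added example, not part of the sandbox report or of any sandbox's own code: it checks a constructed API-call trace for the full hollowing chain against one target process, matches a constructed network log against the extracted SMTP host:port, and correlates the two so that a legitimate mail client using the same provider is not flagged. The event and log formats, pids and image names are assumptions made for the example.

```python
"""Triage helpers built from the indicators in the report above.

Added example, not part of the sandbox report. The API-event and network-log
formats below are constructed for the example; a real sandbox or EDR export
needs its own parser feeding the same functions.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# SMTP exfiltration config as extracted on the page. Both mailbox addresses are
# redacted on the page ("[email protected]") and are kept as placeholders.
EXTRACTED_CONFIG = {
    "protocol": "smtp",
    "host": "smtp.yandex.com",
    "port": 587,
    "username": "[email protected]",
    "password": "breijhyswzsjmyqd",
    "email_to": "[email protected]",
}

# API calls, in order, that make up classic process hollowing. The report's
# "Suspicious use of SetThreadContext" signature fires on the third step alone;
# requiring the whole chain against one target process is this example's
# stricter, lower-noise variant.
HOLLOWING_SEQUENCE = ("CreateProcess", "WriteProcessMemory",
                      "SetThreadContext", "ResumeThread")


@dataclass(frozen=True)
class ApiEvent:
    pid: int                    # calling process
    api: str                    # API name as logged by the sandbox
    target_pid: Optional[int]   # process the call operates on, if any


def detect_hollowing(events: Iterable[ApiEvent]) -> List[Tuple[int, int]]:
    """Return (caller_pid, target_pid) pairs that ran HOLLOWING_SEQUENCE in order.

    Unrelated calls between the steps are ignored. Self-targeted calls are
    skipped: SetThreadContext on the caller's own threads is routine.
    """
    progress = {}   # (caller, target) -> number of sequence steps seen so far
    hits = []
    for ev in events:
        if ev.target_pid is None or ev.target_pid == ev.pid:
            continue
        key = (ev.pid, ev.target_pid)
        step = progress.get(key, 0)
        if step < len(HOLLOWING_SEQUENCE) and ev.api == HOLLOWING_SEQUENCE[step]:
            step += 1
            progress[key] = step
            if step == len(HOLLOWING_SEQUENCE):
                hits.append(key)
    return hits


def match_exfil_connections(netlog: Iterable[str],
                            config=EXTRACTED_CONFIG) -> List[Tuple[int, str]]:
    """Return (pid, image) for each tab-separated 'pid, image, host, port' line
    that connects to the extracted SMTP host:port.

    This also matches legitimate mail clients: smtp.yandex.com is a public
    provider, so host:port alone is a weak indicator (see correlate_exfil).
    """
    hits = []
    for line in netlog:
        pid, image, host, port = line.rstrip("\n").split("\t")
        if host.lower() == config["host"] and int(port) == config["port"]:
            hits.append((int(pid), image))
    return hits


def correlate_exfil(events, netlog, config=EXTRACTED_CONFIG):
    """Keep only SMTP connections made by a process on either side of a hollowing."""
    involved = {pid for pair in detect_hollowing(events) for pid in pair}
    return [hit for hit in match_exfil_connections(netlog, config) if hit[0] in involved]


# Constructed sample data (not from the report): parent 1844 hollows child 1920,
# which then talks to the mail server; 2280 is a benign client on the same provider.
SAMPLE_EVENTS = [
    ApiEvent(1844, "CreateProcess", 1920),
    ApiEvent(1844, "NtUnmapViewOfSection", 1920),   # unrelated step, ignored
    ApiEvent(1844, "WriteProcessMemory", 1920),
    ApiEvent(1844, "SetThreadContext", 1920),
    ApiEvent(1844, "ResumeThread", 1920),
    ApiEvent(2280, "SetThreadContext", 2280),       # self-targeted: ignored
    ApiEvent(3100, "SetThreadContext", 3200),       # lone call, no prior write: no hit
]
SAMPLE_NETLOG = [
    "1920\tPO OAU_NOVQTRFA00541·PDF.scr\tsmtp.yandex.com\t587",
    "1920\tPO OAU_NOVQTRFA00541·PDF.scr\t192.0.2.1\t53",
    "2280\tOUTLOOK.EXE\tsmtp.yandex.com\t587",
]

if __name__ == "__main__":
    print("hollowing:", detect_hollowing(SAMPLE_EVENTS))
    print("smtp host:port matches:", match_exfil_connections(SAMPLE_NETLOG))
    print("correlated exfil:", correlate_exfil(SAMPLE_EVENTS, SAMPLE_NETLOG))
```

Run stand-alone, the host:port check reports both the hollowed child and OUTLOOK.EXE, while the correlated result keeps only the child; that gap is the reason to alert on the credentialed account and the sending process rather than on smtp.yandex.com itself.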