General
Target: 839e31bac7669191824fed9cf03e5faccfb40d4ac610eacd78942a6b242981e6
Size: 528KB
Sample: 231205-wapwmaea36
MD5: 8d0a37e61a5608bd2f03afff965a4435
SHA1: 56e89b54f02c9f4478d1e0a5bdf2bf4e8d2efc4d
SHA256: 839e31bac7669191824fed9cf03e5faccfb40d4ac610eacd78942a6b242981e6
SHA512: 2dc1428bdb332ae3ca42ff22277715cce70b8cddad7d2743b66a7c9b9b34a9ed72cae6fc0704a14e2135c78082a392edf283506aa0f61228cbb55a9e098cb8c2
SSDEEP: 12288:ZaWwYAm6JU8/2fLV0K8RsIpxIUj9WfaRj3vdZ:oWDAm6yCS0DNrEaRj3n
Static task: static1
Behavioral task: behavioral1
Sample: 839e31bac7669191824fed9cf03e5faccfb40d4ac610eacd78942a6b242981e6.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: 839e31bac7669191824fed9cf03e5faccfb40d4ac610eacd78942a6b242981e6.exe
Resource: win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
Targets
Target: 839e31bac7669191824fed9cf03e5faccfb40d4ac610eacd78942a6b242981e6
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext