General
-
Target
2d4e78ac81b6f5f1c75db900ac1bd0f2dbd22918808694977565b6bf436d827d
-
Size
812KB
-
Sample
231205-whtvjsea86
-
MD5
b85ce469aaa9172dbb48de3a9146360e
-
SHA1
0c7b828082aba36cda6a8a71dedd48ced45599d1
-
SHA256
2d4e78ac81b6f5f1c75db900ac1bd0f2dbd22918808694977565b6bf436d827d
-
SHA512
139990dd7a306096afed9907cd8db117e86b6e94383d8f1a9b3d1b16c4f65f6627d7bf7dee840483e0dee768a5ed0d43c4abca10f8ca19724eb6848dfd616750
-
SSDEEP
12288:9WpbtW8G34/uK45+po2VmuHEEA4vnM6Zz+E7SAlVPpXPR3OknnIkzSmNunG:N34/up+pJUuxA4v5zf/HBXPR3XnXumN
Static task
static1
Behavioral task
behavioral1
Sample
2d4e78ac81b6f5f1c75db900ac1bd0f2dbd22918808694977565b6bf436d827d.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
2d4e78ac81b6f5f1c75db900ac1bd0f2dbd22918808694977565b6bf436d827d.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.kanya-mittaphab.com - Port:
587 - Username:
[email protected] - Password:
E81ZbeDb]r]+ - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.kanya-mittaphab.com - Port:
587 - Username:
[email protected] - Password:
E81ZbeDb]r]+
Targets
-
-
Target
2d4e78ac81b6f5f1c75db900ac1bd0f2dbd22918808694977565b6bf436d827d
-
Size
812KB
-
MD5
b85ce469aaa9172dbb48de3a9146360e
-
SHA1
0c7b828082aba36cda6a8a71dedd48ced45599d1
-
SHA256
2d4e78ac81b6f5f1c75db900ac1bd0f2dbd22918808694977565b6bf436d827d
-
SHA512
139990dd7a306096afed9907cd8db117e86b6e94383d8f1a9b3d1b16c4f65f6627d7bf7dee840483e0dee768a5ed0d43c4abca10f8ca19724eb6848dfd616750
-
SSDEEP
12288:9WpbtW8G34/uK45+po2VmuHEEA4vnM6Zz+E7SAlVPpXPR3OknnIkzSmNunG:N34/up+pJUuxA4v5zf/HBXPR3XnXumN
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-