General
-
Target
d63b77c0847dba3ed2628b9872883ed339b66a5e09de41cf27d178ac7ceb047a
-
Size
784KB
-
Sample
231206-dw1adaag37
-
MD5
4a41f0922710dc4bc37f8c12134e27b3
-
SHA1
929e17a6ede2ca22d28c5c7367f0305a523f6bbe
-
SHA256
d63b77c0847dba3ed2628b9872883ed339b66a5e09de41cf27d178ac7ceb047a
-
SHA512
2d291a80a981c54f4965538efca11defcc0d7f5d269264cf3f0ae530bffc1de55e161f60828fb16e0176f0d86cd1e693c00228294d50f498df120ddaf14c78b1
-
SSDEEP
12288:YdIeXMcD1AfurYFd/Y26VOb9Me3XaWmB/TzMygl5ylWpM:YdMcDnrsyVO53XJaTQygzylj
Static task
static1
Behavioral task
behavioral1
Sample
d63b77c0847dba3ed2628b9872883ed339b66a5e09de41cf27d178ac7ceb047a.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
d63b77c0847dba3ed2628b9872883ed339b66a5e09de41cf27d178ac7ceb047a.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ehh.com.my - Port:
587 - Username:
[email protected] - Password:
?VerLim43? - Email To:
[email protected]
Targets
-
-
Target
d63b77c0847dba3ed2628b9872883ed339b66a5e09de41cf27d178ac7ceb047a
-
Size
784KB
-
MD5
4a41f0922710dc4bc37f8c12134e27b3
-
SHA1
929e17a6ede2ca22d28c5c7367f0305a523f6bbe
-
SHA256
d63b77c0847dba3ed2628b9872883ed339b66a5e09de41cf27d178ac7ceb047a
-
SHA512
2d291a80a981c54f4965538efca11defcc0d7f5d269264cf3f0ae530bffc1de55e161f60828fb16e0176f0d86cd1e693c00228294d50f498df120ddaf14c78b1
-
SSDEEP
12288:YdIeXMcD1AfurYFd/Y26VOb9Me3XaWmB/TzMygl5ylWpM:YdMcDnrsyVO53XJaTQygzylj
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-