General
-
Target
b34970457d377b77be959128a97a4421949d66fb563800bd615f1eba73ac07b9
-
Size
727KB
-
Sample
231206-dwn74sag28
-
MD5
39f9149362c3bc065e63bb4f7b0de153
-
SHA1
4995f754e2179356f419bd7626a14319823acf62
-
SHA256
b34970457d377b77be959128a97a4421949d66fb563800bd615f1eba73ac07b9
-
SHA512
7cb7ec5df709b944fc30a52ac1c4214fe0a459d58720b2799d6111e4f479ca06a20bab827bcef3948dd36a7e8a12e6ad499be0d867441586d7a3daf2cbe4a36d
-
SSDEEP
12288:w2mKE6jD/62iNG5nF8C6yxwvwPTwlSCiZfb1cTdte:wLKtD/61I5HkwPckCiZD1cTdt
Static task
static1
Behavioral task
behavioral1
Sample
b34970457d377b77be959128a97a4421949d66fb563800bd615f1eba73ac07b9.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
b34970457d377b77be959128a97a4421949d66fb563800bd615f1eba73ac07b9.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mbarieservicesltd.com - Port:
587 - Username:
[email protected] - Password:
*o9H+18Q4%;M - Email To:
[email protected]
Targets
-
-
Target
b34970457d377b77be959128a97a4421949d66fb563800bd615f1eba73ac07b9
-
Size
727KB
-
MD5
39f9149362c3bc065e63bb4f7b0de153
-
SHA1
4995f754e2179356f419bd7626a14319823acf62
-
SHA256
b34970457d377b77be959128a97a4421949d66fb563800bd615f1eba73ac07b9
-
SHA512
7cb7ec5df709b944fc30a52ac1c4214fe0a459d58720b2799d6111e4f479ca06a20bab827bcef3948dd36a7e8a12e6ad499be0d867441586d7a3daf2cbe4a36d
-
SSDEEP
12288:w2mKE6jD/62iNG5nF8C6yxwvwPTwlSCiZfb1cTdte:wLKtD/61I5HkwPckCiZD1cTdt
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-