General
-
Target
0d5d150307091f4f2b0040362ceacea25b78abfa2d971772d0279d7506ad8978
-
Size
478KB
-
Sample
231206-epjvgsba59
-
MD5
9a9993bb71ce105b4dbade9aef4b107c
-
SHA1
b39fc991404d4a63fa7aa60ed5932760a9f40864
-
SHA256
0d5d150307091f4f2b0040362ceacea25b78abfa2d971772d0279d7506ad8978
-
SHA512
e62bb488fb4efb9e8b739785a0451e8d210c4f242b917452f469dc9f7f85a0d34f781a0aac8918e85802b4aa6323fafa551cd29cd87fbb54ddc7b597a2b03417
-
SSDEEP
12288:woapjb1nuPldWSUys+nug5hkcno8jr/UakT8Uv+QxJqJ9sR71:7wjJ8ldWSFjtbjT9UGQxJqQR71
Behavioral task
behavioral1
Sample
QUOTATION_NOVQTRFA00541·PDF.scr
Resource
win7-20231201-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: gator3220.hostgator.com
Port: 587
Username: [email protected]
Password: 28#75@ts76&&p!!@@
Email To: [email protected]
Targets
-
Target
QUOTATION_NOVQTRFA00541·PDF.scr
-
Size
974KB
-
MD5
83999a2ce0109ea4adbecb3a96744e8c
-
SHA1
4b94f4b23b157c7ae2df54e251cd4d22c683134d
-
SHA256
5030bc30c14139d9c48dc4cd175de6c966e83a9059035d18af33dda06f2541ab
-
SHA512
f4dfe9396a978d942cc5e8857549da838b17099f57a9fa4fc53761ee06bcff37f4100b263fdccff9565de3db40eb9c71694618433d64d41e66d8765a131328ae
-
SSDEEP
12288:W2BNuP+2ess0NdGRs5N4r8Zjw/KpBf2fLkzGHH1tfU7:J2JAk15N4r+8C72PfU
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect PureLogs payload
-
Suspicious use of SetThreadContext
-