General
- Target: 320DD7BF00463CE9E865CF8F99A2146709062070ADB9F9D88EC8CFE2B2C7FE14
- Size: 378KB
- Sample: 231206-epqm2aba84
- MD5: a955779a4db503f2d173c487f0eed04c
- SHA1: f5f2c26369849f43d37deb929d956bcd59c8aca6
- SHA256: 320dd7bf00463ce9e865cf8f99a2146709062070adb9f9d88ec8cfe2b2c7fe14
- SHA512: 20489fd9c563aef3451ead2b247f469edff9f465e49a5f980ac92baade0e615fc20966a592e0845640ff94b7cd25c57cca178a0af7529d6894d3b9f0a64d23ee
- SSDEEP: 6144:h5WOStyb0WRo//fmLt3SA/yZNx3xg5O24a+VpdYGbpThq9iDPMbhFY7nT6RctYVT:hmtof8mlJENxG5Ca+VpbbjqU083+cKVT
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Dcblejffmoa.exe
  - Resource: win7-20231025-en

Behavioral task
- behavioral2
  - Sample: Dcblejffmoa.exe
  - Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.sturmsgroup.com
- Port: 587
- Username: [email protected]
- Password: hs_B2R1px4ASsOhR
- Email To: [email protected]
Targets
- Target: Dcblejffmoa.exe
- Size: 451KB
- MD5: 59447e7eb854c5883e64cd6cd2656e11
- SHA1: a02ef8dadde0596702f8792a6906320b30e2fa22
- SHA256: b90922b5e35d6368d5ae449c45a111323f5d3b883416b0c13df5c1ecaa25d9bf
- SHA512: e15881645066bdcdcd69875fde086b6de8ba4f4f5fbf5979a5cffa1f82332d852239f16ddd97475fa40f594a73a594ab80570e07f2c213acac7e077b76cc468a
- SSDEEP: 12288:74JNW3TamlJANxO5Qa+VppbnoU0o3+c6oI:74JNWjVJA85IpbnoU33ry
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext