General
-
Target
D7F4FE4F49D455CF114C05830EE5DBEA9B8A37CF0FCD48B834D33E043928665F
-
Size
386KB
-
Sample
231206-eptppaba93
-
MD5
7cb0057f1e8cda251a16e1384d10adda
-
SHA1
11468dec68c4d8065136907631f51b76172dca58
-
SHA256
d7f4fe4f49d455cf114c05830ee5dbea9b8a37cf0fcd48b834d33e043928665f
-
SHA512
99c1934dbeebdf3c1caa768476a738f5cdd99ef00a4f4612e69abea6f242cd5017786c787ebbbe6dbaea59e5dfd8e2e7421d4c8d19781024f19590d3a003334a
-
SSDEEP
6144:nDD1SMY3tZhNr9Mi6FiLHCOnLxPyDwsuHPziiQGrY/ZnO+OSd3N7hlVXT/L:DELtZHqvi7Cy8DwK/ZjJhr5
Static task
static1
Behavioral task
behavioral1
Sample
PO OAU_NOVQTRFA00541·PDF.scr
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
PO OAU_NOVQTRFA00541·PDF.scr
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: breijhyswzsjmyqd
Email To: [email protected]
Targets
-
Target
PO OAU_NOVQTRFA00541·PDF.scr
-
Size
813KB
-
MD5
01117545c435423593adf192c6361730
-
SHA1
8bfbf242a8980921ebf82f8a1bd64c9313b9715d
-
SHA256
b1408013b2aafe2fdfc5a240945fce0d2b784862b8343d8297afbf031d02dd33
-
SHA512
b0c7b610bee518cc520226f23594464a32d166e98959b46c45989a583f78b5b8d3670b1309e632e967e79ed5d8267ee639da49f0b024e5a40c6dc03c129768cf
-
SSDEEP
12288:eiJUgNlYQginsOnNPkoJlVD5aPI7r4krvby:euUgNldnJhFJl/iI7frvby
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of SetThreadContext
-