General
Target: AFX_909388388382772883.jpg.bat
Size: 621KB
Sample: 231206-mzpsgsdh58
MD5: 209267b5decf170fdc25565e0d86a5d2
SHA1: a96b5e85c76e518534c59a849ec45e129c1597a9
SHA256: 0a109b2fcbb4ceae58549963c3c7ba7444763b9c9536323e95d90116cd78f809
SHA512: 2e1fc8466a4c4a773845a4c2d378d2e2fc427c56f820eef6d9f0c1fc6d216c6fb17c6ed1c278798c2772db87bb3382bef6a74337eb538519bf15d9b70cd34890
SSDEEP: 12288:tknueH5qxiaH9god9j5199wXRusYfB6CxNK6PRW:6Vqxi8yqB510R4Zw
Static task: static1
Behavioral task: behavioral1
Sample: AFX_909388388382772883.jpg.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: AFX_909388388382772883.jpg.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: @qwerty90123
Email To: [email protected]
Targets
Target: AFX_909388388382772883.jpg.bat
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext