General
Target: 61e27506929d1bf899e61b448887fa20f2164700900105d013f8df7658f08792
Size: 392KB
Sample: 231207-bhrd7saac8
MD5: acd16440a0a9c52dd14f35ebe527c49b
SHA1: a2949af807516604d0e4006fb1d39a8c5e3fa2ca
SHA256: 61e27506929d1bf899e61b448887fa20f2164700900105d013f8df7658f08792
SHA512: 866201039b40342b43f45104fd7dd5a5b8b6011126b98d2ea0f36be472a0c3dea6d177785a70f9807758d10b49a32d005966e2e85dd33565bc280cb6c4fa1a47
SSDEEP: 6144:IFKchTkwYZYsszigCggAtRUWmxENPslKT4c1/jcRY5V6BG5AfL:IFKQkwCYfigGAtRZmxE20XtjcRY12T
Static task: static1
Behavioral task: behavioral1
Sample: 61e27506929d1bf899e61b448887fa20f2164700900105d013f8df7658f08792.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: 61e27506929d1bf899e61b448887fa20f2164700900105d013f8df7658f08792.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.hotelnowydwor.pl
Port: 587
Username: [email protected]
Password: zZJ18@r1
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.hotelnowydwor.pl
Port: 587
Username: [email protected]
Password: zZJ18@r1
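The extracted config is the sample's exfiltration channel: stolen credentials are mailed out through an authenticated SMTP submission (port 587) on a compromised legitimate mail server. The following is an added example, not part of the sandbox report and not Agent Tesla's own code: it parses the config exactly as it appears on the page, in the flattened "Key: value- Key:" layout, turns it into network indicators, and matches those against a handful of constructed Zeek-style connection records. The mailbox fields are taken as they appear on the page ("[email protected]"), so only the host and port are used for matching; the log format and IP addresses are assumptions made for the example.

```python
"""Parse the extracted Agent Tesla SMTP config and hunt for the exfil server in
connection logs.  Added example; not part of the sandbox report."""
import re
from typing import Dict, List

# Config text copied from the report's flattened layout.  The mailbox names are
# shown as "[email protected]" on the page, so they are kept verbatim and not
# used as indicators.
CONFIG_TEXT = (
    "Protocol: smtp- Host: mail.hotelnowydwor.pl - Port: 587 - Username: "
    "[email protected] - Password: zZJ18@r1 - Email To: [email protected]"
)

FIELDS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")


def parse_config(text: str) -> Dict[str, str]:
    """Split the flattened config on the known field names.

    Values such as passwords and hostnames may themselves contain '-', so the
    text is cut at the next "Field:" marker rather than on the separator.
    A value that genuinely ends in '-' would lose that character; the report's
    values do not."""
    marker = re.compile(r"(?:%s):" % "|".join(re.escape(f) for f in FIELDS))
    positions = [(m.start(), m.end(), m.group(0)[:-1]) for m in marker.finditer(text)]
    out: Dict[str, str] = {}
    for i, (_start, end, name) in enumerate(positions):
        stop = positions[i + 1][0] if i + 1 < len(positions) else len(text)
        out[name] = text[end:stop].strip().rstrip("-").strip()
    return out


def indicators(cfg: Dict[str, str]) -> Dict[str, str]:
    """Network indicators worth alerting on: the exfil mail server and port."""
    return {"host": cfg["Host"].lower(), "port": cfg["Port"]}


# Constructed connection records (assumed tab-separated shape, Zeek conn.log-like):
# ts  src_ip  src_port  dst_ip  dst_port  proto  server_name
SAMPLE_LOGS = [
    "1701900001\t10.0.0.5\t49812\t203.0.113.10\t587\ttcp\tmail.hotelnowydwor.pl",
    "1701900002\t10.0.0.5\t49813\t203.0.113.20\t443\ttcp\tupdate.example.com",
    "1701900003\t10.0.0.7\t50211\t203.0.113.30\t587\ttcp\tsmtp.example.com",
    "1701900004\t10.0.0.9\t50300\t203.0.113.10\t587\ttcp\tMAIL.HOTELNOWYDWOR.PL",
]


def match_logs(lines: List[str], ioc: Dict[str, str]) -> List[dict]:
    """Return the records whose destination is the configured exfil server.

    Both hostname and port must match, so legitimate SMTP submission to other
    servers on 587 (third sample line) is not flagged; hostname comparison is
    case-insensitive so the fourth line is."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 7:
            continue  # malformed record, skip rather than crash the sweep
        ts, src, _sport, dst, dport, _proto, sni = parts[:7]
        if dport == ioc["port"] and sni.lower() == ioc["host"]:
            hits.append({"ts": ts, "src": src, "dst": dst, "dport": dport})
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for hit in match_logs(SAMPLE_LOGS, indicators(cfg)):
        print("exfil attempt:", hit)
```

Because the server is a real hotel's mail host rather than attacker infrastructure, an alert should key on the destination host plus port 587 from endpoints that have no business sending mail, not on the server alone; the same hunt can be pointed at proxy or firewall logs by adjusting the column positions in match_logs.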
Targets
Target: 61e27506929d1bf899e61b448887fa20f2164700900105d013f8df7658f08792
Size: 392KB
MD5: acd16440a0a9c52dd14f35ebe527c49b
SHA1: a2949af807516604d0e4006fb1d39a8c5e3fa2ca
SHA256: 61e27506929d1bf899e61b448887fa20f2164700900105d013f8df7658f08792
SHA512: 866201039b40342b43f45104fd7dd5a5b8b6011126b98d2ea0f36be472a0c3dea6d177785a70f9807758d10b49a32d005966e2e85dd33565bc280cb6c4fa1a47
SSDEEP: 6144:IFKchTkwYZYsszigCggAtRUWmxENPslKT4c1/jcRY5V6BG5AfL:IFKQkwCYfigGAtRZmxE20XtjcRY12T
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (early builds were written in Visual Basic .NET). The extracted config is its exfiltration channel: harvested credentials are sent by authenticated SMTP to the configured mailbox.
Suspicious use of SetThreadContext
Rewriting another thread's context with SetThreadContext is the execution-redirect step of process hollowing and similar injection into a suspended child process; it indicates the payload is unpacked in memory rather than run from the file on disk.