General
-
Target
2c28cf2416fd709cbf30c1dd438a80d7b5596b0da94f20942f42be468fcb9ae5
-
Size
762KB
-
Sample
231208-n1v7bsda8v
-
MD5
ecbdafd28f9a6c955799243e3e386a42
-
SHA1
bd4182e50083eb26adc9dc6b022a16f600b1ec4d
-
SHA256
2c28cf2416fd709cbf30c1dd438a80d7b5596b0da94f20942f42be468fcb9ae5
-
SHA512
bb441bef7b5a03807c2cd759239e95fb846b32f7436a6a52f2d8036eeb88f88003ede27fea7057724e451169edf26f7c65fe1ed19a81ae75be61feff2533634d
-
SSDEEP
12288:kVjid7BR6wTuHWhblYlvHx9nwQAicPF3lsFZ8MLZUiMoQsh5cI/4m05sFhR0KbB/:2ipBt0/nBAicNlsFZbqlsv4AJ0KlXxp7
Static task
static1
Behavioral task
behavioral1
Sample
2c28cf2416fd709cbf30c1dd438a80d7b5596b0da94f20942f42be468fcb9ae5.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
2c28cf2416fd709cbf30c1dd438a80d7b5596b0da94f20942f42be468fcb9ae5.exe
Resource
win10v2004-20231201-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.hltllc.com - Port:
587 - Username:
[email protected] - Password:
Hlt@36@Gr#8 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.hltllc.com - Port:
587 - Username:
[email protected] - Password:
Hlt@36@Gr#8
Targets
-
-
Target
2c28cf2416fd709cbf30c1dd438a80d7b5596b0da94f20942f42be468fcb9ae5
-
Size
762KB
-
MD5
ecbdafd28f9a6c955799243e3e386a42
-
SHA1
bd4182e50083eb26adc9dc6b022a16f600b1ec4d
-
SHA256
2c28cf2416fd709cbf30c1dd438a80d7b5596b0da94f20942f42be468fcb9ae5
-
SHA512
bb441bef7b5a03807c2cd759239e95fb846b32f7436a6a52f2d8036eeb88f88003ede27fea7057724e451169edf26f7c65fe1ed19a81ae75be61feff2533634d
-
SSDEEP
12288:kVjid7BR6wTuHWhblYlvHx9nwQAicPF3lsFZ8MLZUiMoQsh5cI/4m05sFhR0KbB/:2ipBt0/nBAicNlsFZbqlsv4AJ0KlXxp7
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-