General
-
Target
da6eebca66201555c0e9c4344129c2bbd5c1ae406bbd0317b183c65d83bf6a36
-
Size
646KB
-
Sample
231212-dht67sfbe3
-
MD5
80ad50105b4010262b4c01ad0a69012a
-
SHA1
518fcbf25e61fb2e212fd7016660ad81f59b5569
-
SHA256
03cfdb15163a2a257877cb9d4c489f446aab3c0d383292b95f2d2e9e9bb120da
-
SHA512
2166a739a1570b93eea99f4756cab1f2f340b0b46867a70e48802b94de7858db0bc8f5c576f8125d3ff12ecacfbbcb7275155ef17bfd19303895dd09490050bf
-
SSDEEP
12288:Fs281Cn4MOk/AGgoYadaoSTjfoc5an8IQFcKWAjIutXMz7ghmrLbzAB7nXG8RJj7:iT2Ik/Awhd0jfUn8ItdAjI6EzAlXG8JX
Static task
static1
Behavioral task
behavioral1
Sample
da6eebca66201555c0e9c4344129c2bbd5c1ae406bbd0317b183c65d83bf6a36.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
da6eebca66201555c0e9c4344129c2bbd5c1ae406bbd0317b183c65d83bf6a36.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.abi0expertise.com
Port: 587
Username: [email protected]
Password: Najwa1949!
Email To: [email protected]
Targets
-
-
Target
da6eebca66201555c0e9c4344129c2bbd5c1ae406bbd0317b183c65d83bf6a36
-
Size
721KB
-
MD5
e8860ae248fffb91e6580b6de402709d
-
SHA1
6f7a7238a3a4a7e01716636b493f92a73eee3cfd
-
SHA256
da6eebca66201555c0e9c4344129c2bbd5c1ae406bbd0317b183c65d83bf6a36
-
SHA512
8e0a32ac3f914782528fcb82997daf046c03589af712c61177d82671831285a013975f42b87f62259d5967b501c83958ee1608655af97f77f66f66a6701c4fc4
-
SSDEEP
12288:Dv5nF8ME6jD/JZQTj7oc5qn8IQFcKaAjIktXMr7gnmryyJt7ErI+1BRUyva:DvPtD/J0j74n8ItnAjIkHyvErxUyi
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of SetThreadContext
-