General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.11232.25498
-
Size
591KB
-
Sample
231212-pq9seaedh2
-
MD5
cc6d16e2ed21cf7c90de7ded2e202ed6
-
SHA1
7516b5a9c4d4b5f0a3bc6519f92f42bcee898559
-
SHA256
f0b7b3e5f75561c2bd0c418d49a78c796c832c11cf4aa374963a7ee7c76e5473
-
SHA512
0818390ad1a6733e731b80c74db8b98527c23bd0c939f678b908fa13005d98f9f2fdce3437ea7d5f4a71544d46e35472544a9025ca9e91f5426d649924550493
-
SSDEEP
12288:hEW+4WpAE9y7O90AfcX6Ce4YuGKKi2elAdi22tA1sxolp9r4qXD+:OpAEMWJDfelAd31sxoZ4q
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.11232.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.11232.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
NX@@OLDdollarDV8FW7 - Email To:
[email protected]
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.11232.25498
-
Size
591KB
-
MD5
cc6d16e2ed21cf7c90de7ded2e202ed6
-
SHA1
7516b5a9c4d4b5f0a3bc6519f92f42bcee898559
-
SHA256
f0b7b3e5f75561c2bd0c418d49a78c796c832c11cf4aa374963a7ee7c76e5473
-
SHA512
0818390ad1a6733e731b80c74db8b98527c23bd0c939f678b908fa13005d98f9f2fdce3437ea7d5f4a71544d46e35472544a9025ca9e91f5426d649924550493
-
SSDEEP
12288:hEW+4WpAE9y7O90AfcX6Ce4YuGKKi2elAdi22tA1sxolp9r4qXD+:OpAEMWJDfelAd31sxoZ4q
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-