General
Target: 5b8ccfa10415999c180007db5d1ad1bb7b876914421ca65e11d0a39259128a8f
Size: 599KB
Sample: 231212-vfsc9sacg6
MD5: 66971fe8a22727a6ffb4e9546c930d9c
SHA1: d3cb85e49b2ed418d0d5d46b34345fa74df7c01b
SHA256: 5b8ccfa10415999c180007db5d1ad1bb7b876914421ca65e11d0a39259128a8f
SHA512: 7ea0a81bdb428016d15fe2788c6f1aed8f67d2555552b1db9d2ccc99cacb6deb85fae1cf4de0ab65ccb68e27c03c766b11b99b67c35df4b3e2a4a25897acf927
SSDEEP: 12288:Jz0CUIBgRMnJ931/j3ttjmK8uXq5OQKv3tKAr25QTU:3gsbT/5aIRv3br25Qo
Static task: static1
Behavioral task: behavioral1
Sample: PO OAU_DECQTRFA00541·PDF.scr
Resource: win7-20231023-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: uymzbwhxnsbuprue
Email To: [email protected]
Targets
Target: PO OAU_DECQTRFA00541·PDF.scr
Size: 876KB
MD5: db8fdd697dafaa4aeb307452d652e0ef
SHA1: 2addcfa14726e4c3e049873f7cfe0f2d42a04923
SHA256: 9a37e5fffbac484741276e5f1e6e3c69edb6de33844ee2d99c9ce3adcf5deca9
SHA512: 27fe99a63ea198bdfd9cd20415b0bf5d4a607ac8351f6c4e45df2c771ab6c6f1f4e19d386dca06d548110297f88d4bf52a0ff0d0b25890c75d3feb2213ffc827
SSDEEP: 12288:613dUDuaee2A+cOpyd3Xo9c7T2zA+ctdOdplOXTdxvbhecadhoSHwerwGdx:I1aL2LoXGjAMCkc+w
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1
Suspicious use of SetThreadContext