General
-
Target
b850bcd5b3cb3520de3af8780a0fe31c4532aa1bdf98cb5c4e11bc812fa6e8d7
-
Size
630KB
-
Sample
231213-bq7fdsfed4
-
MD5
a6c9c7fcee1c1e27c9ee1dfeb2d16d7f
-
SHA1
babaeb81f894ff334332ae7a033921c954d58601
-
SHA256
b850bcd5b3cb3520de3af8780a0fe31c4532aa1bdf98cb5c4e11bc812fa6e8d7
-
SHA512
5386768a2b0e974fcbe8227473cb4a093a507272c71eb5cce5df042d20e954ddc973f6c990f3e61f4d7a43087b796ecebeaffaa5178a47f185e4a09971d65867
-
SSDEEP
12288:Bc3IU8S6eUdZg805dUnZv6HR+7cQWHEuLEkF9dh6cqlcKXdE+blQA:B6ItSAdq8ystmR+gQ55k/ilc+dBi
Static task
static1
Behavioral task
behavioral1
Sample
b850bcd5b3cb3520de3af8780a0fe31c4532aa1bdf98cb5c4e11bc812fa6e8d7.exe
Resource
win7-20231025-en
Malware Config
Extracted
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
Targets
-
Target
b850bcd5b3cb3520de3af8780a0fe31c4532aa1bdf98cb5c4e11bc812fa6e8d7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect ZGRat V1
-
Suspicious use of SetThreadContext
-