General
-
Target
a804fb03f59e855deae2343c4a6ad689.exe
-
Size
891KB
-
Sample
240107-yascvscffl
-
MD5
a804fb03f59e855deae2343c4a6ad689
-
SHA1
ff8ed1734e1b0864e32423bed99acced8f9f60f4
-
SHA256
226ab3f67d5d1861b6051dc65c8f5fcfcbadf0a78ae258002eace8be0ce24a7b
-
SHA512
637b64b00078e9765740bc763cd8c6733132f89c4492879e5c21e6770b555bd52cb0c18b7db995c32e9dc6a6f9588894ccb1901dccbb2dc641342883ccc9491a
-
SSDEEP
24576:63lMWYqRoirD59QTXUgOkEZQu3nWZA8FBFoYmeEkvMD:o1vCirHCumC4oyv
Static task
static1
Behavioral task
behavioral1
Sample
a804fb03f59e855deae2343c4a6ad689.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a804fb03f59e855deae2343c4a6ad689.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
serv-10708.handsonwebhosting.com - Port:
587 - Username:
[email protected] - Password:
icui4cu2@@
Targets
-
-
Target
a804fb03f59e855deae2343c4a6ad689.exe
-
Size
891KB
-
MD5
a804fb03f59e855deae2343c4a6ad689
-
SHA1
ff8ed1734e1b0864e32423bed99acced8f9f60f4
-
SHA256
226ab3f67d5d1861b6051dc65c8f5fcfcbadf0a78ae258002eace8be0ce24a7b
-
SHA512
637b64b00078e9765740bc763cd8c6733132f89c4492879e5c21e6770b555bd52cb0c18b7db995c32e9dc6a6f9588894ccb1901dccbb2dc641342883ccc9491a
-
SSDEEP
24576:63lMWYqRoirD59QTXUgOkEZQu3nWZA8FBFoYmeEkvMD:o1vCirHCumC4oyv
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-