General
Target: 7ead96f7e88246b0fd550ddbb54eece8
Size: 857KB
Sample: 240129-c91ydsgcd9
MD5: 7ead96f7e88246b0fd550ddbb54eece8
SHA1: 9ee30ebadda6695dab8fe3f7e82252911e5be87b
SHA256: c0e8649682f6e6377cc015cbb2ce8db5a786648df8e78b40fc79f077043a77bc
SHA512: 5d530ef69b5112aea237b6fda376621ab241e51cc847644f7ef5839eb165e4ba53c24b1dcdec3fe1213b5581df7e8cbe4aac6b148c95cd2cf10a0d6775bd106c
SSDEEP: 12288:Z8+t2onvFThXTpHPWjv/vSct5ngXzePyw0Opzii36FTG6HwLydb/lCUDdMYpbAXk:NnxzEHxkdMXCcnCmya1e
Static task: static1
Behavioral task: behavioral1
  Sample: 7ead96f7e88246b0fd550ddbb54eece8.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 7ead96f7e88246b0fd550ddbb54eece8.exe
  Resource: win10v2004-20231222-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: server122.web-hosting.com
Port: 587
Username: [email protected]
Password: hX%OActH07N?
Targets
Target: 7ead96f7e88246b0fd550ddbb54eece8
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1
AgentTesla payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext