General
-
Target
n1KVzXM8Wk.exe
-
Size
39KB
-
Sample
240223-kn2a2adh5x
-
MD5
72b14801621eb5aaee0715dfc65d8b72
-
SHA1
2f4b2859fa8d1db18bc639622dddc5025af07c60
-
SHA256
49022d920d3b36c58eba1f941352a936a71aaac99cdacf65a925e0dc655bd232
-
SHA512
f4458dbf87702431e37ac9270ca80713032bcb3f014f4571637692a93fc0a03ca4079fb5141ccf9a1c908ea6e87d871101afff62ead3ecac168b583dcc79e829
-
SSDEEP
768:Ie/nw7Mz9fldvI8rOessjPTInb69EyvWWgv5n:/UMz9fldgYOFsjPTIb69E4gv1
Static task
static1
Behavioral task
behavioral1
Sample
n1KVzXM8Wk.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.bananasnevis.com
Port: 587
Username: [email protected]
Password: 4RJak3wc7b^o
Email To: [email protected]
Targets
-
-
Target
n1KVzXM8Wk.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Contacts a large (4498) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Suspicious use of SetThreadContext
-