General
-
Target
a1f394fdfc8f591f57b8eee005596a503ca2a7b9.zip.tar.gz
-
Size
682KB
-
Sample
240326-mle15aba7y
-
MD5
491954811f203c76db715635a7303891
-
SHA1
7da7f2d37dff392cc45a0fdea4948f224df1526d
-
SHA256
7d3c49b95c71514ce8885851899689c3043a0aac72408cf1642765100c1c407f
-
SHA512
1396faed6ba62a5e43dcc967bf2a580749285dda56ae57c86394851d07bcf5de6e62a34fdbed30ef94aa842ddddfcc5c6ffaf3205a78db95b90a126345871040
-
SSDEEP
12288:nlhzwLoysdYh96NNRtjfknnJJpB284tEyDii/5Y4C9oW+xEJ7SLAtSvLcC5Ft:nlhksy9U77QJWieSR+eXtSvLcC5T
Static task
static1
Behavioral task
behavioral1
Sample
ΤΙΜΟΛΟΓΙΟ_FEB-888201-2024 00594 .exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ΤΙΜΟΛΟΓΙΟ_FEB-888201-2024 00594 .exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
bezelety.top - Port:
587 - Username:
[email protected] - Password:
IxF(..bSed6k - Email To:
[email protected]
Targets
-
-
Target
ΤΙΜΟΛΟΓΙΟ_FEB-888201-2024 00594 .exe
-
Size
1.1MB
-
MD5
223a09cb11e9123590ee2e708063cbed
-
SHA1
bf91ff4d371bfb25ea07a021afe4765f489b0568
-
SHA256
3628d562c329c8c628bfef6ac60b22b09b9154d5cd76f6769bf45fdd1ec617b7
-
SHA512
95196e20ca6b4c49131e06780598eac4a530925db2e2e6dcaedb9b713a03296e01a062c0ab9902fc88f0808a425514cff235a34ba97e4a26376d9975dc08f5e0
-
SSDEEP
24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8aAeRFeNdc:0TvC/MTQYxsWR7aAeRFe3
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-