General
-
Target
41685eda86fd0c3580849308a25b4a9d.bin
-
Size
665KB
-
Sample
240327-cfdk1ahh82
-
MD5
3d678a47afdeb21d858e287f00317338
-
SHA1
41f8816cb2645df416c76275d3cf1970d4617ca0
-
SHA256
b29ed597406708be73f550eb92e0daa990f89324df69e0b946a4a8910b6b0393
-
SHA512
df08666a2cad5110838de4520fad9cf822f19c995f6f1b6eaf5eb1ab6ed891e2a7647881e13d297b66d7d2ff66c0d19ffdbf4962b5e047860f1c7f13c15dd318
-
SSDEEP
12288:i5LXf7ep78jlU3vefxn6u6t1JeT7bzCcpLBIwWABE/FU5HQLHx3EQlti0wjMTXdJ:ixf747qOvel6Dt+XCcp9DfEdU5HQLOQd
Static task
static1
Behavioral task
behavioral1
Sample
0602f5f777f16e6eceba591204219845b53b8f82b130b0a58b384fa2c06983fe.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0602f5f777f16e6eceba591204219845b53b8f82b130b0a58b384fa2c06983fe.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: @qwerty90123
Email To: [email protected]
Targets
-
-
Target
0602f5f777f16e6eceba591204219845b53b8f82b130b0a58b384fa2c06983fe.exe
-
Size
1.1MB
-
MD5
41685eda86fd0c3580849308a25b4a9d
-
SHA1
b497bde46d77522ae99ba0a3b06b0f0c930ee0ae
-
SHA256
0602f5f777f16e6eceba591204219845b53b8f82b130b0a58b384fa2c06983fe
-
SHA512
fa6eb2e1a4a3678dbe41f60cd84b581421db31dad46c6463fde2c2197c21f72e9c4731a9d88a3f0094876e778b154ef1f3eac2501ec01a17a41f41e1e14f2286
-
SSDEEP
24576:bqDEvCTbMWu7rQYlBQcBiT6rprG8avlVB:bTvC/MTQYxsWR7av
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext