General
Target: 47a0081b9d1154fc080d41a09c88edc769ebb2713ab8c558dc6504de5534b05e
Size: 611KB
Sample: 240327-cfq64ahh94
MD5: b6082cd8ee46d9dc2ba522a95aa64953
SHA1: f6276494d1ce9ec427b6fd5d66d2a70d015dc3e0
SHA256: 47a0081b9d1154fc080d41a09c88edc769ebb2713ab8c558dc6504de5534b05e
SHA512: 30d49265376e8ed7578fa5a11848712b8ef305da3473f1f92d22f1cc8745415946c7c7a442b5437198282fa9c4c8a149767d6a4fcccd5505e5e9799ff8ec0c8f
SSDEEP: 12288:ktHNbHiG2ue2PymVBqMAzdpeTpi4A/AcOFaJ0fGkMY36qf0kCAna5W:krbHiLue26mVgMAzdMTptUuFa6OJYvpb
Static task: static1
Behavioral task: behavioral1
  Sample: 47a0081b9d1154fc080d41a09c88edc769ebb2713ab8c558dc6504de5534b05e.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 47a0081b9d1154fc080d41a09c88edc769ebb2713ab8c558dc6504de5534b05e.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: mail.toliddaru.ir
Port: 587
Username: [email protected]
Password: Aa@1401
Email To: [email protected]
Targets
Target: 47a0081b9d1154fc080d41a09c88edc769ebb2713ab8c558dc6504de5534b05e
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext