General
Target: df6835a0c227ef7647c3c3bbcbbeca2e1a7ffa7331219d7b4409384d1645c8b1
Size: 1.3MB
Sample: 240327-cfwftach8x
MD5: 6560a53abe0d10b9e877c9fcae768cda
SHA1: 4a6638df42c50d316100e3206bff8ac6373ce29f
SHA256: df6835a0c227ef7647c3c3bbcbbeca2e1a7ffa7331219d7b4409384d1645c8b1
SHA512: c6e88dc85f23b7b78a197d9961f056939bf3b7a723e4b364c09db66843134aa141378084ebcc85651d1f7b4d07a4058add118f69148959828c644ce681de62c2
SSDEEP: 24576:ncA1APfw3yTXJT6g/dxrfAQAOoP6LNrSBZ8wJzU0dXnoqpbv9DJ2B40GL8rVIJ:ncA1U5J64dxrfAQAEZSf8wJoin/v9VfB
Static task: static1
Behavioral task: behavioral1
Sample: Alpha-main/Alpha.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Alpha-main/Alpha.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: bHn3a9mr&zxQ
Extracted
agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: bHn3a9mr&zxQ
Email To: [email protected]
Targets
Target: Alpha-main/Alpha.exe
Size: 944KB
MD5: c6c66e0ae7e62194bd95e52e85f69aa1
SHA1: 4f2711869c3c6823329261ddeaf041302eebc784
SHA256: 4dbdafb1f38d8d8f55f611e7e6985b3975658a8b0b652d80c432eff73812e21d
SHA512: bc73acd53fd64a716562d9c464dff39da2d867599bf5f4f1159132c80e06938d6e2e59c45bb58928d1777eec71fbf4ab6073aafcadf31e5153ee06e794b006df
SSDEEP: 12288:FtxFdKGQkhZpmHqJo/8bslBdxhfAgYvPwTHvWXt6bTJVHPyeeZNMP5v:sG0HL/WGBdxhfAgAQot6blVHP1ENK5
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext