General
Target
bc813828d08b596681681296a9e17eb6.bin
Size
672KB
Sample
240327-enlyfscd22
MD5
8fd6a9dad24785c6a0aaf9bf2af7a969
SHA1
69832f38a9cd56824c6d9e28cefc6e583586c707
SHA256
f9c1e5fdb85cde83b31fd3777cc1246283b4a942164aa465366c088e0187e1b7
SHA512
d0c60e1a3f406904ca387368ad5de94e80e290f197eff85417226580b62680cc98d8d2dba01e40321b439724b0ae252fc9192d098b924098935a1a81adbcd84c
SSDEEP
12288:JBAYMZRaLX/8H29P32bt8SayttS8xMc2OGz+XyTBuJ9hvW8SQbZQAf0p:JK6X/8HLlfgyXPrxW8S6ZQAf0p
Static task
static1
Behavioral task
behavioral1
Sample
4de0c431cb9805cb419d42e5f3630a74393ed10409bf0e6d3d65c7b95e380aa5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4de0c431cb9805cb419d42e5f3630a74393ed10409bf0e6d3d65c7b95e380aa5.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.thanhancompony.com
- Port: 587
- Username: [email protected]
- Password: aSkIhV^3
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: smtp.thanhancompony.com
- Port: 587
- Username: [email protected]
- Password: aSkIhV^3
Targets
Target
4de0c431cb9805cb419d42e5f3630a74393ed10409bf0e6d3d65c7b95e380aa5.exe
Size
727KB
MD5
bc813828d08b596681681296a9e17eb6
SHA1
245133d9baef52591ff6ec3f310b729eceaf47fd
SHA256
4de0c431cb9805cb419d42e5f3630a74393ed10409bf0e6d3d65c7b95e380aa5
SHA512
2081dc57e4c629c2cbf1483d44b97a191b89775a9ae6c7b19e3b800f28c7707d0785fceb0d307c85c96652d85836ed0adf713ce3600e96b1c4952eaacad2beee
SSDEEP
12288:/14CMwLXXZLdbHDQThYmKwN8B5vKgVTnuRz+yd3qwabuyHHePcQgoeVMAskR:fXXZGu9vKgVTuRCylqwn7PVgfVX
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext