General
-
Target
e17138f707986af58fed56d6fc9d03fb
-
Size
1.3MB
-
Sample
240327-mg4tpadb8x
-
MD5
e17138f707986af58fed56d6fc9d03fb
-
SHA1
b7120b1129056920e96b9328714da9070adcea6e
-
SHA256
944761699dface72d19767de6114d9a8fd4d8d8c3810405d658281d9cca03957
-
SHA512
da12bd0cf9d9b72fb803333934fefb7c76ed8cf3d4dd2d77bfefd1c25430b7c307a8016f712d268c5c0f4f7486edfbcf7cb1f71f3cea575ba1a325c6161855f7
-
SSDEEP
24576:BI8476DOOfx8Dgyfx8DgKTRRnpPRK+XgnoRT2v6k/rOcKyFzUNwDZx2L:J476H58Dgy58DgoRBNRKHoRTq6wKrCZU
Static task
static1
Behavioral task
behavioral1
Sample
e17138f707986af58fed56d6fc9d03fb.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e17138f707986af58fed56d6fc9d03fb.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tccinfaes.com - Port:
587 - Username:
[email protected] - Password:
transportes - Email To:
[email protected]
Targets
-
-
Target
e17138f707986af58fed56d6fc9d03fb
-
Size
1.3MB
-
MD5
e17138f707986af58fed56d6fc9d03fb
-
SHA1
b7120b1129056920e96b9328714da9070adcea6e
-
SHA256
944761699dface72d19767de6114d9a8fd4d8d8c3810405d658281d9cca03957
-
SHA512
da12bd0cf9d9b72fb803333934fefb7c76ed8cf3d4dd2d77bfefd1c25430b7c307a8016f712d268c5c0f4f7486edfbcf7cb1f71f3cea575ba1a325c6161855f7
-
SSDEEP
24576:BI8476DOOfx8Dgyfx8DgKTRRnpPRK+XgnoRT2v6k/rOcKyFzUNwDZx2L:J476H58Dgy58DgoRBNRKHoRTq6wKrCZU
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-