General
Target: e249c3cf931a39ce861670aca977b737
Size: 234KB
Sample: 240327-zcv27seg9x
MD5: e249c3cf931a39ce861670aca977b737
SHA1: 254f502d0e9709f95bbe045a4516afef612ce9e7
SHA256: 3afa2f6a6fa28303c9fd4bc4f9c6f5c7ba36c0c58a8d161c106228a919d2d8ed
SHA512: 38baf042bf700a2f01dda7b56bcdf4ac11a413f21c90d55308535dd11c6e88a20c7e80d7a1a85ee35bff47a8fb458c81c0bd60ba465a02fe800f155b33b215a1
SSDEEP: 6144:x9P+k59oF8WaZbzbFXKSh1KGhDwoNzgc/P/97gPiS:x8k9DWaZpXL1KWDwdId6V
Static task: static1
Behavioral task: behavioral1
Sample: e249c3cf931a39ce861670aca977b737.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e249c3cf931a39ce861670aca977b737.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp3.ines.ro
Port: 587
Username: vanzari@gerocossen.ro
Password: GW!g&95W7rs
Email To: rawmaterial99@gmail.com
Targets
Target: e249c3cf931a39ce861670aca977b737
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext