General
Target
fa735d742249b4c53ed758575e1b846de610260c6d59464c4c2c476c5c134c2e
Size
758KB
Sample
240328-b51w6acg3v
MD5
2a36cd86ffb5a14f3c12aaf95cce61e3
SHA1
acdcc7069ac22140ba95cdd113bff13ff49d9946
SHA256
fa735d742249b4c53ed758575e1b846de610260c6d59464c4c2c476c5c134c2e
SHA512
08f64074240b5dfb228b6d0bb8d9b62100efc5f220334050e4df650c73c1fa8becf454673bfa28fb5f77c6b55ada0ebf5a90c9f685295b0acae86c2fe9aebd61
SSDEEP
12288:adVkygw02h5Xy5qdNygtO3Fer5T9EscGoy1gACUcW9uYwQ+xuaMl7zoiMjaOf8HR:awjQy4dAwO1edTistoy1g5+EYkKpot/i
Static task
static1
Behavioral task
behavioral1
Sample
fa735d742249b4c53ed758575e1b846de610260c6d59464c4c2c476c5c134c2e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fa735d742249b4c53ed758575e1b846de610260c6d59464c4c2c476c5c134c2e.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: godwillxzn.com
Port: 587
Username: frank1@godwillxzn.com
Password: ,~B=)#zzr)o=
Email To: frank@godwillxzn.com
Targets
Target
fa735d742249b4c53ed758575e1b846de610260c6d59464c4c2c476c5c134c2e
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext