General
Target: f3c578f72d54829d84db9ee7388b7afeebfd96fce52475c24b50bad9384eb739
Size: 658KB
Sample: 240328-calpesae43
MD5: 7b3740ec98be0d5a85394b676ea9aa71
SHA1: 6f494cde023b0b1effe14e45ee98f780c2956a19
SHA256: f3c578f72d54829d84db9ee7388b7afeebfd96fce52475c24b50bad9384eb739
SHA512: 4e26634e421322f8a91c4117d6dce78998479430da0d81019cb22b1700e73700abe0b27e598406b07fcfd1a59df9ddd590e1fe2b7fde047d85070986f4315abc
SSDEEP: 12288:3H2iNlw0hKMKlclluElepyI0EvP+D/hEt59Maa56Q+R5aaCE7+SD:31X8MrLuhyIrvmD/eZ5niK
Static task: static1
Behavioral task: behavioral1
Sample: f3c578f72d54829d84db9ee7388b7afeebfd96fce52475c24b50bad9384eb739.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: f3c578f72d54829d84db9ee7388b7afeebfd96fce52475c24b50bad9384eb739.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: assadlog@oilandgascomp.xyz
Password: 7213575aceACE@#
Email To: assad@oilandgascomp.xyz
Targets
Target: f3c578f72d54829d84db9ee7388b7afeebfd96fce52475c24b50bad9384eb739
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext