General
Target: 09884103c8fc964e98a5496abe804afb1ba15af8a9b52164a2c0750e884b9ee6
Size: 941KB
Sample: 240328-cb23ssae52
MD5: e83f45af656789ab658cd012edbe8f93
SHA1: 128bfc2b2fa910a4c8cc1d2e9a30a50b574de25d
SHA256: 09884103c8fc964e98a5496abe804afb1ba15af8a9b52164a2c0750e884b9ee6
SHA512: 1510c121c10bf05177f33a8047944d926dae26f24705225512fb5dba528aecca8bfb5e2f42641c4da921651a81b795c009c12bbf92775e8ff2dd2f9b10badc6e
SSDEEP: 12288:sk4sQxEpvY+vj0cK/hbMAjIvFD5jll1WYfQfdz1C9Im9HGv6MwgSWWOcT0MfNQJf:9Sx+Nw5bAdD5jll1Wm+470vKgSlNFk
Static task: static1
Behavioral task: behavioral1
Sample: 09884103c8fc964e98a5496abe804afb1ba15af8a9b52164a2c0750e884b9ee6.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 09884103c8fc964e98a5496abe804afb1ba15af8a9b52164a2c0750e884b9ee6.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: godwillxzn.com
Port: 587
Username: frank1@godwillxzn.com
Password: ,~B=)#zzr)o=
Email To: frank@godwillxzn.com
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext