General
Target: 3d3f79caf25241ab404fb61e7a6cf5dc5ceeb80bf268c44ebdb3de78b400f057
Size: 673KB
Sample: 240328-cbemhacg61
MD5: acfc1e9caea0a31da2e932fc330cf225
SHA1: 037d57304ac94e45197f929eccc5f01a3acde89e
SHA256: 3d3f79caf25241ab404fb61e7a6cf5dc5ceeb80bf268c44ebdb3de78b400f057
SHA512: 6d2d3e4b22579017e6cb00cad9c15fc599ae98447a716d458b58bd1c81ca1d9c14e3906f83096d3f0f7cc206411dc705a1bc433535849a5aca6704d25a76960f
SSDEEP: 12288:h+2iNlw0YwrE3YeSx/8WrmJYQ7/sRR6+CvR34wHc1sgPI0ylbTArIIkR:g1XtyYeSx/DP6zRow81sgfGbE8f
Static task: static1
Behavioral task: behavioral1
Sample: 3d3f79caf25241ab404fb61e7a6cf5dc5ceeb80bf268c44ebdb3de78b400f057.exe
Resource: win7-20240319-en
Behavioral task: behavioral2
Sample: 3d3f79caf25241ab404fb61e7a6cf5dc5ceeb80bf268c44ebdb3de78b400f057.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: godwillxzn.com
Port: 587
Username: frank1@godwillxzn.com
Password: ,~B=)#zzr)o=
Email To: frank@godwillxzn.com
Extracted
Protocol: smtp
Host: godwillxzn.com
Port: 587
Username: frank1@godwillxzn.com
Password: ,~B=)#zzr)o=
Targets
Target: 3d3f79caf25241ab404fb61e7a6cf5dc5ceeb80bf268c44ebdb3de78b400f057
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext