General
Target: a186cede5688d4e3defe670a78b4559c15804e521195e85dd68979c42158236c
Size: 672KB
Sample: 240329-b39raaeg28
MD5: d1aaa63d80e69105f08e0d6b4c61ba90
SHA1: 139f2ebc782840c1b9a701dd4045f8952dc3735b
SHA256: a186cede5688d4e3defe670a78b4559c15804e521195e85dd68979c42158236c
SHA512: c7e7b5d6f5d95f8d8a5c8bd7221d5d3452bcaaba1afa06946050c57502aad94a5e76d1bf913c285c0c8e7214ae557a461f98419bca54fe44820c71376f2941ee
SSDEEP: 12288:Xe0YOwqI9Oy32lEkD+OglJ/QwgBjPcgdZ8zA7CNrjJaRGBGGoBRozS:X+O7/a2lEkkJ/Kno07CNPERGBs7oe
Static task: static1
Behavioral task: behavioral1
  Sample: a186cede5688d4e3defe670a78b4559c15804e521195e85dd68979c42158236c.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a186cede5688d4e3defe670a78b4559c15804e521195e85dd68979c42158236c.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted (family: agenttesla)
  Protocol: smtp
  Host: mail.mail.ee
  Port: 587
  Username: [email protected]
  Password: D8q8mDAS?v
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.mail.ee
  Port: 587
  Username: [email protected]
  Password: D8q8mDAS?v
Targets
Target: a186cede5688d4e3defe670a78b4559c15804e521195e85dd68979c42158236c
Size: 672KB
MD5: d1aaa63d80e69105f08e0d6b4c61ba90
SHA1: 139f2ebc782840c1b9a701dd4045f8952dc3735b
SHA256: a186cede5688d4e3defe670a78b4559c15804e521195e85dd68979c42158236c
SHA512: c7e7b5d6f5d95f8d8a5c8bd7221d5d3452bcaaba1afa06946050c57502aad94a5e76d1bf913c285c0c8e7214ae557a461f98419bca54fe44820c71376f2941ee
SSDEEP: 12288:Xe0YOwqI9Oy32lEkD+OglJ/QwgBjPcgdZ8zA7CNrjJaRGBGGoBRozS:X+O7/a2lEkkJ/Kno07CNPERGBs7oe
Score: 10/10
Signatures:
  AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  Suspicious use of SetThreadContext