General
-
Target
df70d87bb949eb5a38ce3ec3f727f09eb4da5e6fe9e72e4325677f5b6df3bebb
-
Size
245KB
-
Sample
240329-be4v5add3t
-
MD5
b24fbf0f1a41bf4661e2a29e5e0a2809
-
SHA1
f214ea9896d91a21608a65b8a4440b72455bb4d5
-
SHA256
df70d87bb949eb5a38ce3ec3f727f09eb4da5e6fe9e72e4325677f5b6df3bebb
-
SHA512
0f276ab093fd6f5b81a959dd621a19771b69265c1e7c02170d1d02b4256e71b10207186d4c09a80b4a716c9ff2db9d25bffe89ed1fe5e9f6a0817f76002cdc06
-
SSDEEP
3072:h89jMaHHXHX5SEgTTO19W2fcQoARdXopH4YH5vJlBTm+cr:h8CaHHXHXAEgTosARdg4YDlBLc
Behavioral task
behavioral1
Sample
df70d87bb949eb5a38ce3ec3f727f09eb4da5e6fe9e72e4325677f5b6df3bebb.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
df70d87bb949eb5a38ce3ec3f727f09eb4da5e6fe9e72e4325677f5b6df3bebb.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
engineering.saltcotrading@gmail.com - Password:
ehfx obyt xunn dtub - Email To:
engineering.saltcotrading@gmail.com
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
engineering.saltcotrading@gmail.com - Password:
ehfx obyt xunn dtub
Targets
-
-
Target
df70d87bb949eb5a38ce3ec3f727f09eb4da5e6fe9e72e4325677f5b6df3bebb
-
Size
245KB
-
MD5
b24fbf0f1a41bf4661e2a29e5e0a2809
-
SHA1
f214ea9896d91a21608a65b8a4440b72455bb4d5
-
SHA256
df70d87bb949eb5a38ce3ec3f727f09eb4da5e6fe9e72e4325677f5b6df3bebb
-
SHA512
0f276ab093fd6f5b81a959dd621a19771b69265c1e7c02170d1d02b4256e71b10207186d4c09a80b4a716c9ff2db9d25bffe89ed1fe5e9f6a0817f76002cdc06
-
SSDEEP
3072:h89jMaHHXHX5SEgTTO19W2fcQoARdXopH4YH5vJlBTm+cr:h8CaHHXHXAEgTosARdg4YDlBLc
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-