General
Target: RFQ No.372842.exe
Size: 688KB
Sample: 240329-jbtjzsdb23
MD5: 2ccea080a3b86de31008247c10961bde
SHA1: 7727d944aaaada49fc82e49ef12d4858843ce13f
SHA256: ad7131b66e0218e87b565bebac20995ac672871eb45d17b0c7a41afd28d0fb0b
SHA512: 4524dd72b1684a5d48d8ab79627ffecb94e2a0f7f17422dfb8f0f6ccfdfa21b1b1f1ac6121d746dd627d768173a477fc946cb59774615a9b7efaaff63ec2b51e
SSDEEP: 12288:kjLK1P8Lf++1ZMHsbxvtxuRdheQOk/4Wfx4gF3dZMypYxI/RrzxuOLlbI4l49xWK:eiETx14sxHkdMJhWfW87MyOxAzI4lcAO
Static task: static1
Behavioral task: behavioral1
Sample: RFQ No.372842.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: RFQ No.372842.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
Protocol: smtp
Host: mail.hashimauditing.com
Port: 587
Username: [email protected]
Password: v%iroDWu(qfa
Extracted
agenttesla
Protocol: smtp
Host: mail.hashimauditing.com
Port: 587
Username: [email protected]
Password: v%iroDWu(qfa
Email To: [email protected]
Targets
Target: RFQ No.372842.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext