General
-
Target
06c2b1ff831a7ef951d16f8d66b3aeb8cf0e34ea7cf10cc97fafca3954d3941a.exe
-
Size
1.0MB
-
Sample
240418-hzdm1aed25
-
MD5
44a29fe67790393da2d2bdd6041d1b8c
-
SHA1
3012409a7272c6885fb1206f5e3fccac5427d43c
-
SHA256
06c2b1ff831a7ef951d16f8d66b3aeb8cf0e34ea7cf10cc97fafca3954d3941a
-
SHA512
ba1120a0cc6f30e3d48d38eca69e9e43070a31f63deb6116c477d2e17fcedafeb84bb3a00f3c32ffc673cfe4f5540f0e89876a88b2af93cf9e859534285122f7
-
SSDEEP
24576:9AHnh+eWsN3skA4RV1Hom2KXMmHaMNj+LXwCh5:ch+ZkldoPK8YaMkV
Static task
static1
Behavioral task
behavioral1
Sample
06c2b1ff831a7ef951d16f8d66b3aeb8cf0e34ea7cf10cc97fafca3954d3941a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
06c2b1ff831a7ef951d16f8d66b3aeb8cf0e34ea7cf10cc97fafca3954d3941a.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: rwe87$%21q
Email To: [email protected]
Targets
-
-
Target
06c2b1ff831a7ef951d16f8d66b3aeb8cf0e34ea7cf10cc97fafca3954d3941a.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-