General
-
Target
0200e55a325a306e6913b8fa8db14c12d4072a317824e077d854ef229ad446b7
-
Size
656KB
-
Sample
240424-ckheraeb3z
-
MD5
2ca2ccf50518b2a6c6d256ac4bc0ebd2
-
SHA1
ed0dc26a5458640e88281f28e2119c9a4a51cd3e
-
SHA256
0200e55a325a306e6913b8fa8db14c12d4072a317824e077d854ef229ad446b7
-
SHA512
760dd5406f6b2b0d35c1f83fe91ef09b5169fed3978fe12f5dcd0faabe519e389e1a3209066f9addf9939a4295500b2a90ee37ddc2c1260cde256ef5b3de1424
-
SSDEEP
12288:nHhzKTOf0u9hZgyv9Nk1fd7LdXsmaakZu1pFdW6RDrNi:nlSOMiNaXsbtZuLHdRDr
Static task
static1
Behavioral task
behavioral1
Sample
0200e55a325a306e6913b8fa8db14c12d4072a317824e077d854ef229ad446b7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0200e55a325a306e6913b8fa8db14c12d4072a317824e077d854ef229ad446b7.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.orako.co.ke - Port:
587 - Username:
[email protected] - Password:
zVY1H)4,AgHi - Email To:
[email protected]
Targets
-
-
Target
0200e55a325a306e6913b8fa8db14c12d4072a317824e077d854ef229ad446b7
-
Size
656KB
-
MD5
2ca2ccf50518b2a6c6d256ac4bc0ebd2
-
SHA1
ed0dc26a5458640e88281f28e2119c9a4a51cd3e
-
SHA256
0200e55a325a306e6913b8fa8db14c12d4072a317824e077d854ef229ad446b7
-
SHA512
760dd5406f6b2b0d35c1f83fe91ef09b5169fed3978fe12f5dcd0faabe519e389e1a3209066f9addf9939a4295500b2a90ee37ddc2c1260cde256ef5b3de1424
-
SSDEEP
12288:nHhzKTOf0u9hZgyv9Nk1fd7LdXsmaakZu1pFdW6RDrNi:nlSOMiNaXsbtZuLHdRDr
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-