General
-
Target
2fefed764eb9ca3c0cc6ad7dffae6e080112d064b524c8c5e6c8cd0ea7cdb7e6
-
Size
997KB
-
Sample
240425-bkf19acf56
-
MD5
f2ff134ac606cda442f0e495f84b2c1e
-
SHA1
3a61d9ce77d4a1853138bb18f08c0ba2794947d1
-
SHA256
2fefed764eb9ca3c0cc6ad7dffae6e080112d064b524c8c5e6c8cd0ea7cdb7e6
-
SHA512
6093e06f80c586b4ab8d8009049aa87bee9cae453fdfcd3bcf0c6c92bec25875341b8c4058713d1159548f39efb3c09a718cd94eadab4b066021973df11fe2db
-
SSDEEP
24576:zUsP3Lwt/h/uLevUebSsMAWRNdXyfEQNBej7kvQ6g8KYt+Z3:AxhV9bwAWRNMffvWkvdgdF
Static task
static1
Behavioral task
behavioral1
Sample
2fefed764eb9ca3c0cc6ad7dffae6e080112d064b524c8c5e6c8cd0ea7cdb7e6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2fefed764eb9ca3c0cc6ad7dffae6e080112d064b524c8c5e6c8cd0ea7cdb7e6.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bloomfoss.com - Port:
587 - Username:
[email protected] - Password:
}q5(.n+o4BAF}q5(.n+o4BAF - Email To:
[email protected]
Targets
-
-
Target
2fefed764eb9ca3c0cc6ad7dffae6e080112d064b524c8c5e6c8cd0ea7cdb7e6
-
Size
997KB
-
MD5
f2ff134ac606cda442f0e495f84b2c1e
-
SHA1
3a61d9ce77d4a1853138bb18f08c0ba2794947d1
-
SHA256
2fefed764eb9ca3c0cc6ad7dffae6e080112d064b524c8c5e6c8cd0ea7cdb7e6
-
SHA512
6093e06f80c586b4ab8d8009049aa87bee9cae453fdfcd3bcf0c6c92bec25875341b8c4058713d1159548f39efb3c09a718cd94eadab4b066021973df11fe2db
-
SSDEEP
24576:zUsP3Lwt/h/uLevUebSsMAWRNdXyfEQNBej7kvQ6g8KYt+Z3:AxhV9bwAWRNMffvWkvdgdF
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-