General
Target: 02ddae8144bc0b118b5e9dc0c8d42fb5eeb808c283440140f93332d59440d7ac
Size: 658KB
Sample: 240425-bwnv8sda3y
MD5: 64060017bab2d5a65da8831e8fa824b2
SHA1: 4239fbffdee9c35b59f05fc2f79c8b7a6338db18
SHA256: 02ddae8144bc0b118b5e9dc0c8d42fb5eeb808c283440140f93332d59440d7ac
SHA512: 9ab58de6b81cb2dadb822076a0174847119ed18b4f461a4ce604cd3698f7ef9ef1dba4b537ed0b6c7a23d778f6e800a6741a4d246ff8cc1447d9f072690477bd
SSDEEP: 12288:EpuCKhNPKv4PR6Y7uZuwOixDotCaRrGxpNoU6vvZg0:Epu5iwPsYnwr0VrGxpgvZh
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE ORDER (3).exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: PURCHASE ORDER (3).exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: N@DRpoY0
Email To: [email protected]
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: N@DRpoY0
Targets
Target: PURCHASE ORDER (3).exe
Size: 676KB
MD5: d760dc358592d6717d4d6ca1ca0b4a41
SHA1: c9cecc6110f3568c4b8d38c95f834b3bf7a7c0d8
SHA256: 87c5e257097fbb317f8f64250f0796574dfaf1e132e4819dc9c62d9d59c227dd
SHA512: b32aad32df292055078aa2a5f98205da2fef69f183d8feaf2e79e2cc085430c80feb2560ebc733f6b2c5a994bfc5438071ddf40cd6c588ac5609a2676758290a
SSDEEP: 12288:jAlv312Z3HmMPKvWPRqYtuJu+OixvozCaRXrJ6hVxB+8i53tzL73EmlPTS2b:jAJ312ZHmMi+PoYb+rw7XFcfB+B5RLDH
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext