General
-
Target
2c4d09a1ac0440d4b7f40c445c29e4b22ab1527d04790ee6b37d22f4412f3f77
-
Size
774KB
-
Sample
240425-c6axsseb4y
-
MD5
ff421faa4b17974486f95a00c833a57e
-
SHA1
d32163ad0cb86b6a7c7b90e7928f3ea13bbe73f0
-
SHA256
2c4d09a1ac0440d4b7f40c445c29e4b22ab1527d04790ee6b37d22f4412f3f77
-
SHA512
e15ce117eab9ac979072583c2c1d8ddd4f8f2023f32c550dd48d2092bf576366e0a0e1b3d4efca86136e3e4a5749b3a13f3f0ce0d956723a27a5bac4e66d6fd2
-
SSDEEP
24576:9F1HR8f5QDHqCfvNuD7u8aT6nDqF8tJ312Z:fJ6fQHqCfvgPu8a4DqF8tJl2
Static task
static1
Behavioral task
behavioral1
Sample
2c4d09a1ac0440d4b7f40c445c29e4b22ab1527d04790ee6b37d22f4412f3f77.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2c4d09a1ac0440d4b7f40c445c29e4b22ab1527d04790ee6b37d22f4412f3f77.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
N@DRpoY0 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
N@DRpoY0
Targets
-
-
Target
2c4d09a1ac0440d4b7f40c445c29e4b22ab1527d04790ee6b37d22f4412f3f77
-
Size
774KB
-
MD5
ff421faa4b17974486f95a00c833a57e
-
SHA1
d32163ad0cb86b6a7c7b90e7928f3ea13bbe73f0
-
SHA256
2c4d09a1ac0440d4b7f40c445c29e4b22ab1527d04790ee6b37d22f4412f3f77
-
SHA512
e15ce117eab9ac979072583c2c1d8ddd4f8f2023f32c550dd48d2092bf576366e0a0e1b3d4efca86136e3e4a5749b3a13f3f0ce0d956723a27a5bac4e66d6fd2
-
SSDEEP
24576:9F1HR8f5QDHqCfvNuD7u8aT6nDqF8tJ312Z:fJ6fQHqCfvgPu8a4DqF8tJl2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-