General
- Target: SecuriteInfo.com.Win32.PWSX-gen.12561.19906.exe
- Size: 704KB
- Sample: 240425-g52rcage6v
- MD5: 0cddb3e724f9bb0314bf8c50db240cf0
- SHA1: 8018274d23411ab33bf16168036de21e2790aa0b
- SHA256: 3ebacca195af8a57792fa7fa13c371bc68078d8c33f0d16220c6b65df1271d3e
- SHA512: e3a5d004c7f55ee037ff375d235e6cb1d69b5b6733b253068ac2486d7c5c66352d842dd730f2b5ff80bd1e533c2eb6e8e7ffa87b9d65c1367d3e965618fde0a7
- SSDEEP: 12288:7WYIPXjxannnHg2cOriFgRtHKOtnk9ViDE48k91yOcYG3aHcyvNm:7WYIPFannnHg2JPtKOai0GZlGqHcyvk
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.PWSX-gen.12561.19906.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Win32.PWSX-gen.12561.19906.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.orako.co.ke
- Port: 587
- Username: [email protected]
- Password: zVY1H)4,AgHi
- Email To: [email protected]
Targets
- Target: SecuriteInfo.com.Win32.PWSX-gen.12561.19906.exe
- Size: 704KB
- MD5: 0cddb3e724f9bb0314bf8c50db240cf0
- SHA1: 8018274d23411ab33bf16168036de21e2790aa0b
- SHA256: 3ebacca195af8a57792fa7fa13c371bc68078d8c33f0d16220c6b65df1271d3e
- SHA512: e3a5d004c7f55ee037ff375d235e6cb1d69b5b6733b253068ac2486d7c5c66352d842dd730f2b5ff80bd1e533c2eb6e8e7ffa87b9d65c1367d3e965618fde0a7
- SSDEEP: 12288:7WYIPXjxannnHg2cOriFgRtHKOtnk9ViDE48k91yOcYG3aHcyvNm:7WYIPFannnHg2JPtKOai0GZlGqHcyvk
- Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext