General
-
Target
28b3efe2dc204c34a10fcf7ce59e991980811d94e7cc8046c1e893c8585cbffa
-
Size
667KB
-
Sample
240426-bmzalsgh33
-
MD5
ea1846004cebdb3eff49a0360010f70b
-
SHA1
504d7319c20b37b70771031c0d2cfc6b73134e11
-
SHA256
28b3efe2dc204c34a10fcf7ce59e991980811d94e7cc8046c1e893c8585cbffa
-
SHA512
4a5722a5df7e8603544964848fd666d35e8d6fa6c710548a26c79a796472ccba4fece7b9bbe40681fcd9ad7cd7188f1b482e8c22ba087cd85d05f9c2c5d6d6bb
-
SSDEEP
12288:CpeDiqaPnueo0BvNx8Phik3cqroEXNwKxJ+ZX6XQNQvzl9Ns4:RGPU0BvNxCnTJXNwKxE6XNr/2
Static task
static1
Behavioral task
behavioral1
Sample
28b3efe2dc204c34a10fcf7ce59e991980811d94e7cc8046c1e893c8585cbffa.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
28b3efe2dc204c34a10fcf7ce59e991980811d94e7cc8046c1e893c8585cbffa.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
fzesv)c2 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
fzesv)c2
Targets
-
-
Target
28b3efe2dc204c34a10fcf7ce59e991980811d94e7cc8046c1e893c8585cbffa
-
Size
667KB
-
MD5
ea1846004cebdb3eff49a0360010f70b
-
SHA1
504d7319c20b37b70771031c0d2cfc6b73134e11
-
SHA256
28b3efe2dc204c34a10fcf7ce59e991980811d94e7cc8046c1e893c8585cbffa
-
SHA512
4a5722a5df7e8603544964848fd666d35e8d6fa6c710548a26c79a796472ccba4fece7b9bbe40681fcd9ad7cd7188f1b482e8c22ba087cd85d05f9c2c5d6d6bb
-
SSDEEP
12288:CpeDiqaPnueo0BvNx8Phik3cqroEXNwKxJ+ZX6XQNQvzl9Ns4:RGPU0BvNxCnTJXNwKxE6XNr/2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-