General
Target: d8df68d06a9f7df73bb47a6b1f8b5590224215440b2c362cd4523624204221d7
Size: 708KB
Sample: 240426-crhn4ahc46
MD5: 244aeffed60b24c23bd3f68f74aa60c3
SHA1: e769541c8665e5d88507bc7a1ee32c0254e35a55
SHA256: d8df68d06a9f7df73bb47a6b1f8b5590224215440b2c362cd4523624204221d7
SHA512: 996575e5d10ee9f99cb33db123abb24137731a31abd75ddeada7199a9a5fd7b58cc4763f217d3c777a59bfaaafe2184ae58f478241d3a17b94826f767f1604f3
SSDEEP: 12288:0WYIPXjxannnHg2mhB6hKStqzbvzO2muZoTsShq91CQxLDLW:0WYIPFannnHg2mhYFtMbaZuZoTsShq9w
Static task
static1
Behavioral task
behavioral1
Sample
d8df68d06a9f7df73bb47a6b1f8b5590224215440b2c362cd4523624204221d7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d8df68d06a9f7df73bb47a6b1f8b5590224215440b2c362cd4523624204221d7.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: smart1@mksiimst.com
Password: j^JjgEi0
Email To: smart1@mksiimst.com
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: smart1@mksiimst.com
Password: j^JjgEi0
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext