General
-
Target
c044bd671515d2cc8686421b190f4f0a790609ed953a123672a3d9e911155297
-
Size
579KB
-
Sample
240430-bky7tsfh54
-
MD5
256d5396e80c981e0d3024cde6808cbd
-
SHA1
b529c1810cf0aa221726cbf28411ff8da097a043
-
SHA256
c044bd671515d2cc8686421b190f4f0a790609ed953a123672a3d9e911155297
-
SHA512
29a8345103d13096cd293cad702c356311d4c650d009dcd5cbe144f8760b4d2d5ab64dc73c059a7bb3e8ef408dce451569d5f18b2a65f006c587749b35465d30
-
SSDEEP
12288:MHMZvF29zA2rFvqE1txuK37XKtQz/XEW1LzPKbd82MqHLybs:MIoAWRqytnjKqLXzOrr
Static task
static1
Behavioral task
behavioral1
Sample
ZD-6366370128-8900237723992______________________________.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
ZD-6366370128-8900237723992______________________________.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: rwe87$%21q
Email To: [email protected]
Targets
-
Target
ZD-6366370128-8900237723992______________________________.exe
-
Size
1.0MB
-
MD5
42d70514681b2fde2102b5848dc3cddf
-
SHA1
1354649da70973dff6fc90607aa4922034ad9800
-
SHA256
9ff7aefc37e4add2457417f35ba73e8c53a4f9ab7ced0656fec94ac8f5e35630
-
SHA512
ddcc7bd562610b5c31cf117599dd6fb96bbb4c84c53ed4d220d0029d6e376ea262e682e91b1629ef3bcdf1876c250f71bc84f100e611492bdb1526103c14b252
-
SSDEEP
24576:hAHnh+eWsN3skA4RV1Hom2KXMmHazFuynO45:4h+ZkldoPK8YazjnF
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext