General
Target: bbbf60b0038ef5948c72c5bb307d44a7ce0c3e0fda2f0b15552335fd3435cb47
Size: 670KB
Sample: 240430-chs4gahc85
MD5: b34f04aecd4b4a9dea7dd35a81edd59e
SHA1: 23d4b1d2eb99531307869f7a0907f0e58af208d5
SHA256: bbbf60b0038ef5948c72c5bb307d44a7ce0c3e0fda2f0b15552335fd3435cb47
SHA512: a59ec3b5e0b5d10bf91991b0d3fde5555f3b4babc93b30b818b8359f4b17ec6d9595f4431978227c0f5643e8b05324a4971fe3c1435f750e2d24cc5883e87074
SSDEEP: 12288:U6bB778Q0Cz1Ar1eMFcg9O0Zj+XalMO6gsVwb0X6t7yp0nSd+YlsNn/RJL4fgVCf:dbBVbgZ+qKEsN6TSsn55RwX
Static task: static1
Behavioral task: behavioral1
Sample: bbbf60b0038ef5948c72c5bb307d44a7ce0c3e0fda2f0b15552335fd3435cb47.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: bbbf60b0038ef5948c72c5bb307d44a7ce0c3e0fda2f0b15552335fd3435cb47.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.innomedjsc.com
Port: 587
Username: [email protected]
Password: s]~5ai)IFpr-
Email To: [email protected]
Targets
Target: bbbf60b0038ef5948c72c5bb307d44a7ce0c3e0fda2f0b15552335fd3435cb47
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext