General
Target: c14a676f9c3d9ac92006435ffe0af47756c61e3813235d029bc9b7a6663459ed
Size: 795KB
Sample: 240519-bgyf5aad49
MD5: d57ca878c1c2b72d0c093d348df80ef2
SHA1: 9a9af81e5fa544012861fe01027abf1dee9415cd
SHA256: c14a676f9c3d9ac92006435ffe0af47756c61e3813235d029bc9b7a6663459ed
SHA512: a78acc61d6fc2c6f72ce1517e2de80ad693b9a78a378332a0d792dbb3f2015e8ce89a4e2b26c8ce376f4a593a1283ff2d00459d977e995e6b53ff436ce0b06b9
SSDEEP: 24576:mQnyfr/D5BrPNYIG/V8JNOMLxnO8PDiYMFniyy:Jn+P5BrPNYH8JNpLA+FMFny
Static task: static1
Behavioral task: behavioral1
Sample: c14a676f9c3d9ac92006435ffe0af47756c61e3813235d029bc9b7a6663459ed.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: c14a676f9c3d9ac92006435ffe0af47756c61e3813235d029bc9b7a6663459ed.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ipr-co.org
Port: 587
Username: [email protected]
Password: IPRco@100102@
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.ipr-co.org
Port: 587
Username: [email protected]
Password: IPRco@100102@
Targets
Target: c14a676f9c3d9ac92006435ffe0af47756c61e3813235d029bc9b7a6663459ed
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext