General
-
Target
27d5530528a8434a7fc2eda7c8e1ac9f5803aa498098a75017a60fafcb85477a
-
Size
731KB
-
Sample
240519-bmwjqaag72
-
MD5
2468f3ff525f5d01eb020089ebb2b13a
-
SHA1
e073cddfa234d86d7c931f41384323affb39c757
-
SHA256
27d5530528a8434a7fc2eda7c8e1ac9f5803aa498098a75017a60fafcb85477a
-
SHA512
4d5973184a6c9880e44413fa5a6cc1d0f77499f4b55c667b23e892bdbd39a980d6561a41533b27728f188ebf5e61ecde8c7a57fb2470e439c307522c24eabde6
-
SSDEEP
12288:+KAHuplPhAfmT3GnrCHAMw1UNUz6SuSwWcYLlALNkIzvy2S8tIKJp9/SHVkR:NpH+m7Gr87rLDSwWdLONDvtIKJpwHo
Static task
static1
Behavioral task
behavioral1
Sample
27d5530528a8434a7fc2eda7c8e1ac9f5803aa498098a75017a60fafcb85477a.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
27d5530528a8434a7fc2eda7c8e1ac9f5803aa498098a75017a60fafcb85477a.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.insleep.com.tr
Port: 587
Username: [email protected]
Password: xj%YXHGz&2Np
Email To: [email protected]
Targets
-
-
Target
27d5530528a8434a7fc2eda7c8e1ac9f5803aa498098a75017a60fafcb85477a
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of SetThreadContext
-