General
Target: d9fc26e5a14dd3308077dd1c00770b3f166b2ddeede2622dda647261394ea567
Size: 617KB
Sample: 240523-c5n32aah8w
MD5: e0843ffe64077c75e890e705de5c6575
SHA1: 2b83cd74141da0093a2aa559fbb667cbc55b48c2
SHA256: d9fc26e5a14dd3308077dd1c00770b3f166b2ddeede2622dda647261394ea567
SHA512: 502694c8d59b98e61c1faf4a74674f662347f478551829dc2ba99bb77fb70f64f0e32960c19025842f5aa13d2cbdeb007c3b48be161a5f1a4ab84942f3c4cffe
SSDEEP: 12288:YRRTF93RWpTKsupVuvWXP77K0E2UYppgrRj4icZSfhZ:mhF9spOBuvWXP77zUEEj45MfhZ
Static task: static1
Behavioral task: behavioral1
Sample: d9fc26e5a14dd3308077dd1c00770b3f166b2ddeede2622dda647261394ea567.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d9fc26e5a14dd3308077dd1c00770b3f166b2ddeede2622dda647261394ea567.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
Protocol: smtp
Host: mail.visiontrade.ae
Port: 587
Username: [email protected]
Password: ,,.Ishaq2021 ,,
Extracted
agenttesla
Protocol: smtp
Host: mail.visiontrade.ae
Port: 587
Username: [email protected]
Password: ,,.Ishaq2021 ,,
Email To: [email protected]
Targets
Target: d9fc26e5a14dd3308077dd1c00770b3f166b2ddeede2622dda647261394ea567
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext