General
-
Target
50cd8f4cb01872b0bfe50b281adc591708ea17b3ac4fa7ac1110edbb7e669ef5
-
Size
985KB
-
Sample
240524-dj5dkaah2z
-
MD5
be01442829f00cf449711150b1a189f0
-
SHA1
8f7e507c41b88d8c50cba9c155ecf60376ecdafd
-
SHA256
50cd8f4cb01872b0bfe50b281adc591708ea17b3ac4fa7ac1110edbb7e669ef5
-
SHA512
34003aa10cb934d7a7d7e8af979949e8b5d92c04a18dbbcc763595ee59daf8822d7d2b7a335b9ff1c2d2cf80d529339755c112e8a932eff170edde8c28b0f8ee
-
SSDEEP
12288:un6F4X56OWFTTbgCOV4GVSuxYJGZRJoZC2qRsB:une4JfsvgCsXVh2SZR
Static task
static1
Behavioral task
behavioral1
Sample
50cd8f4cb01872b0bfe50b281adc591708ea17b3ac4fa7ac1110edbb7e669ef5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
50cd8f4cb01872b0bfe50b281adc591708ea17b3ac4fa7ac1110edbb7e669ef5.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.hotelroyal.com.pl
- Port: 587
- Username: [email protected]
- Password: W0xw6jA.Hdr3
- Email To: [email protected]
Targets
-
-
Target
50cd8f4cb01872b0bfe50b281adc591708ea17b3ac4fa7ac1110edbb7e669ef5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-