General
Target: 04062024_0137_03062024_09404copy.PDF.z
Size: 690KB
Sample: 240604-b19cqsgg7z
MD5: 6cbd27181d070ac55c639ab9e0f8b4ef
SHA1: 6357bf12a7b09f3f1044f7d4e91c0ef69e962047
SHA256: ac6e16f793b411c75316e90b91bb0eccd72cb1762da8e2bdc3132d17f62b69e0
SHA512: 1b2af9280b7892249020aa531ea4eaf8c9544bbce75104b27ea8eccfbfd0d77e527e9920f809796339a06174eddf8dd72c36b429053bc52ec44546834983be11
SSDEEP: 12288:1uvwzhIpI4Yb1Zux5+fLllXKWzn7XN7jRXm8BfOj3Kse9l8rry5Zp0EzScg:1uoEI4Ybyz4B7dnNm8Bd5Zp/SX
Static task: static1
Behavioral task: behavioral1
  Sample: 09404copy.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 09404copy.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: @iAiRA(0
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: @iAiRA(0
Targets
Target: 09404copy.exe
Size: 752KB
MD5: cec884228c39c9b4637636c642d5f280
SHA1: 1f5d0c9af43945117e3606a4bd36019bc90a3dd3
SHA256: 91a58a047d6ea0c7ddb7c89b0a43a5453fd5d7145c78a836ef803d5fb0f65254
SHA512: b2a8e131be7e9e1362b0c85e8594fbe7d73da5ce6fdb8a064d0366033bb1444727f5053dd1a66b4bed1e7fee6e1db344543e710c3363502ee0645504e0a927a2
SSDEEP: 12288:07kpO8mUKNr+uIdaJ7NkATs8emV0QZh4Cw81SQUgJcU+QYyiUZGV8dxx:g82CukaQBOXZe38SPYH6UBxx
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext