General

Target: b81197ed34ebad9a0951c4fb87b5b0036e8366d4c4cb411f478067fbae8023b3
Size: 945KB
Sample: 240604-bgvp8sgf29
MD5: 823ef86adc71b80062b03f45c2449057
SHA1: 0fd7d69552e86bcd56d0f02ce6180576d50182d9
SHA256: b81197ed34ebad9a0951c4fb87b5b0036e8366d4c4cb411f478067fbae8023b3
SHA512: 1b59c980ea6943cb73f5503caf5ebbeb1817430086dc36105cb4129aa0f6c1197996c86038de119bc71957157e56707872a2b8b9966afcf37758d628af8f978b
SSDEEP: 24576:+6Ug2oGVoiM+xpxckznUBo6EjELZfE1s9fZrUFjFduOeOK8GzMs:46mELO1ssFjSOeT8C
Static task: static1

Behavioral task: behavioral1
Sample: b81197ed34ebad9a0951c4fb87b5b0036e8366d4c4cb411f478067fbae8023b3.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: b81197ed34ebad9a0951c4fb87b5b0036e8366d4c4cb411f478067fbae8023b3.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted (agenttesla)
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: gWwdRIw1
Email To: [email protected]

Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: gWwdRIw1
Targets

Target: b81197ed34ebad9a0951c4fb87b5b0036e8366d4c4cb411f478067fbae8023b3
Score: 10/10

Signatures:
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext