General
-
Target
8f8fbf4e41c855fbf305cab4a3040bc2c3abbbb8ad0505a1897e29f59f8e6ead
-
Size
2.2MB
-
Sample
240612-brpxqsxeng
-
MD5
5994df8e6bfeed824bcc377271db9ad5
-
SHA1
c2cc6935401f8f5a7c96c5cddbae5fc89909aacb
-
SHA256
8f8fbf4e41c855fbf305cab4a3040bc2c3abbbb8ad0505a1897e29f59f8e6ead
-
SHA512
8d177c06d648a7f3fb0c43b0cea748a26518e4e3f0bcdf02ef4fe8bd3ee65d5e32560d821e039416abefa442aadb40e96e6414f2dcacc65b0cb4ffb34bc83166
-
SSDEEP
24576:3MfbE4S0B0E88VlLmXQJW+4ZdZF8iDaombiTArfK:cfbE4S0B0WVh4Q34ZdHaNTrS
Static task
static1
Behavioral task
behavioral1
Sample
8f8fbf4e41c855fbf305cab4a3040bc2c3abbbb8ad0505a1897e29f59f8e6ead.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
8f8fbf4e41c855fbf305cab4a3040bc2c3abbbb8ad0505a1897e29f59f8e6ead.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.topshopltd.com
Port: 587
Username: [email protected]
Password: INFO001! ,, ..
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.topshopltd.com
Port: 587
Username: [email protected]
Password: INFO001! ,, ..
Targets
-
-
Target
8f8fbf4e41c855fbf305cab4a3040bc2c3abbbb8ad0505a1897e29f59f8e6ead
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of SetThreadContext
-