General
-
Target
rDXT878259-6GJL68893T5U-PQ67BT7U8.exe
-
Size
1.1MB
-
Sample
240911-y29q8a1bnk
-
MD5
7fb82bd3ea0cd2dc23015f11623f6e31
-
SHA1
318c0ea8390cc6c132da77db41e162507c46ed76
-
SHA256
594ba6bbb8abba31fb7474ddb8d218e456d02db0af5cd5e97b5f83e748afc6fd
-
SHA512
394fd09943996ac13f3fdcfa7f882c26f07ee2660abd21592ee43e912e3127941366c8a043f8f99fbb0343fc29cc22c22d99237e5ac1a9f1bf575f0c46d06c05
-
SSDEEP
24576:94lavt0LkLL9IMixoEgeadYgyGlRCyWpEq9MmCS:Ukwkn9IMHeadYlGZ9aPCS
Static task
static1
Behavioral task
behavioral1
Sample
rDXT878259-6GJL68893T5U-PQ67BT7U8.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
rDXT878259-6GJL68893T5U-PQ67BT7U8.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cp8nl.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
@qwerty90123 - Email To:
[email protected]
Targets
-
-
Target
rDXT878259-6GJL68893T5U-PQ67BT7U8.exe
-
Size
1.1MB
-
MD5
7fb82bd3ea0cd2dc23015f11623f6e31
-
SHA1
318c0ea8390cc6c132da77db41e162507c46ed76
-
SHA256
594ba6bbb8abba31fb7474ddb8d218e456d02db0af5cd5e97b5f83e748afc6fd
-
SHA512
394fd09943996ac13f3fdcfa7f882c26f07ee2660abd21592ee43e912e3127941366c8a043f8f99fbb0343fc29cc22c22d99237e5ac1a9f1bf575f0c46d06c05
-
SSDEEP
24576:94lavt0LkLL9IMixoEgeadYgyGlRCyWpEq9MmCS:Ukwkn9IMHeadYlGZ9aPCS
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Suspicious use of SetThreadContext
-