General
-
Target
32dd3fff0f61aab860e6f50e2ad3b8ca
-
Size
769KB
-
Sample
240913-2f4vmatbqg
-
MD5
32dd3fff0f61aab860e6f50e2ad3b8ca
-
SHA1
01b99169e4cb5bfb2282a7b766725f9d6e472c92
-
SHA256
700f3ac0cc9b1a26ba213ebcf344af38972795efbbf01a56b3b0190790838c8a
-
SHA512
fedaa7a8c93c96723a5dfb896cbf0ee70c082fa23cd22b7cbcbdfb342d99bb31c50073ebdebe7adeaf2cc38946d8267d884b8f16962c96c7605c02006045534e
-
SSDEEP
12288:30cmlfRrt583KWgr8L5R/dh/ygyn8dcIq8Lr8i6b7L8uKwnRk/xO6MjvLe8:OfRrtudgreth/r8NvzKwnRk/UvLe8
Static task
static1
Behavioral task
behavioral1
Sample
32dd3fff0f61aab860e6f50e2ad3b8ca.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
32dd3fff0f61aab860e6f50e2ad3b8ca.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
bayermlb.com - Port:
587 - Username:
[email protected] - Password:
belnel@123
Targets
-
-
Target
32dd3fff0f61aab860e6f50e2ad3b8ca
-
Size
769KB
-
MD5
32dd3fff0f61aab860e6f50e2ad3b8ca
-
SHA1
01b99169e4cb5bfb2282a7b766725f9d6e472c92
-
SHA256
700f3ac0cc9b1a26ba213ebcf344af38972795efbbf01a56b3b0190790838c8a
-
SHA512
fedaa7a8c93c96723a5dfb896cbf0ee70c082fa23cd22b7cbcbdfb342d99bb31c50073ebdebe7adeaf2cc38946d8267d884b8f16962c96c7605c02006045534e
-
SSDEEP
12288:30cmlfRrt583KWgr8L5R/dh/ygyn8dcIq8Lr8i6b7L8uKwnRk/xO6MjvLe8:OfRrtudgreth/r8NvzKwnRk/UvLe8
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-