General
-
Target
dcc9d72d79623d433e08bc5dc8698e575b82ca29dcd37f1c6c9911dd3817872d
-
Size
642KB
-
Sample
240913-k4fz2awbpb
-
MD5
1e676fe2dd513ad5500dc06ef315878c
-
SHA1
ee3e902f3f16fa8fda318ce8030f218748c9af69
-
SHA256
dcc9d72d79623d433e08bc5dc8698e575b82ca29dcd37f1c6c9911dd3817872d
-
SHA512
009cc1a2384281b37b352874546d143d913cfffd5c46af7892b58544de634a0ef5ec40b1b88a5ad7cc470200184f41cb43d406a570648c38b4ae4e7a3c9ad192
-
SSDEEP
12288:SnKr5EjR20UjnA3ccRcILgSGUVhX+/YodKX1JjkPMATwxU9:7mKnw6SlXu/zCa9F9
Static task
static1
Behavioral task
behavioral1
Sample
594ba6bbb8abba31fb7474ddb8d218e456d02db0af5cd5e97b5f83e748afc6fd.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
594ba6bbb8abba31fb7474ddb8d218e456d02db0af5cd5e97b5f83e748afc6fd.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cp8nl.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
@qwerty90123 - Email To:
[email protected]
Targets
-
-
Target
594ba6bbb8abba31fb7474ddb8d218e456d02db0af5cd5e97b5f83e748afc6fd.exe
-
Size
1.1MB
-
MD5
7fb82bd3ea0cd2dc23015f11623f6e31
-
SHA1
318c0ea8390cc6c132da77db41e162507c46ed76
-
SHA256
594ba6bbb8abba31fb7474ddb8d218e456d02db0af5cd5e97b5f83e748afc6fd
-
SHA512
394fd09943996ac13f3fdcfa7f882c26f07ee2660abd21592ee43e912e3127941366c8a043f8f99fbb0343fc29cc22c22d99237e5ac1a9f1bf575f0c46d06c05
-
SSDEEP
24576:94lavt0LkLL9IMixoEgeadYgyGlRCyWpEq9MmCS:Ukwkn9IMHeadYlGZ9aPCS
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Suspicious use of SetThreadContext
-