General
-
Target
MJI5380328-PQX82938839039-HW7V89292999.exe
-
Size
1.5MB
-
Sample
240916-paa9xawhjl
-
MD5
b164dfd51cba1133766fb4e7266d91c3
-
SHA1
e1d94a2f32700d2241a47e2e85d7022312c5aaee
-
SHA256
b022a18a5fb9dee80dee6dd38efea10871455da10d8154fbba8b069c9965ef4b
-
SHA512
39b77b3e501ab233eb7093d95dbe32675d30f931090b43ea252723f7ddcd05a5525c4e912aa85ef719428f96df3a334a9f4f5643a60b449a7070df8afa68f5cf
-
SSDEEP
24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8aC4NX8C3g7qKTFK9mES5w8Q1Oo8RU:pTvC/MTQYxsWR7aCy5gnTzI+o
Static task
static1
Behavioral task
behavioral1
Sample
MJI5380328-PQX82938839039-HW7V89292999.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
MJI5380328-PQX82938839039-HW7V89292999.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cp8nl.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
tank576$%)&** - Email To:
[email protected]
Targets
-
-
Target
MJI5380328-PQX82938839039-HW7V89292999.exe
-
Size
1.5MB
-
MD5
b164dfd51cba1133766fb4e7266d91c3
-
SHA1
e1d94a2f32700d2241a47e2e85d7022312c5aaee
-
SHA256
b022a18a5fb9dee80dee6dd38efea10871455da10d8154fbba8b069c9965ef4b
-
SHA512
39b77b3e501ab233eb7093d95dbe32675d30f931090b43ea252723f7ddcd05a5525c4e912aa85ef719428f96df3a334a9f4f5643a60b449a7070df8afa68f5cf
-
SSDEEP
24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8aC4NX8C3g7qKTFK9mES5w8Q1Oo8RU:pTvC/MTQYxsWR7aCy5gnTzI+o
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Suspicious use of SetThreadContext
-