General
-
Target
f6f0735e72c04c375410e11ee9819f4b.exe
-
Size
1.2MB
-
Sample
240916-pvmhnsxgkc
-
MD5
f6f0735e72c04c375410e11ee9819f4b
-
SHA1
5c13c6de1d4a58f85595bafc538dfcb2e59210af
-
SHA256
0d0bc3db92e427e4774d5163e82bcb2c43abea5459d2541ab7da179e1dd41364
-
SHA512
0775a1b2cc06c8f8d77a9ddf33abbe7da8d855bc00494df1f868edbeb88b0668c383e98718084422799c368957505af89c3d3a6cea7438837a8e61282b01705b
-
SSDEEP
24576:mRmJkcoQricOIQxiZY1iag3h7lhh1xIxrPlkG3FQ7GFKCzkgs6:jJZoQrbTFZY1iagx7XmZG8FKD6
Static task
static1
Behavioral task
behavioral1
Sample
f6f0735e72c04c375410e11ee9819f4b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f6f0735e72c04c375410e11ee9819f4b.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.agaliofu.top - Port:
587 - Username:
[email protected] - Password:
QPS.6YYl.Yi= - Email To:
[email protected]
Targets
-
-
Target
f6f0735e72c04c375410e11ee9819f4b.exe
-
Size
1.2MB
-
MD5
f6f0735e72c04c375410e11ee9819f4b
-
SHA1
5c13c6de1d4a58f85595bafc538dfcb2e59210af
-
SHA256
0d0bc3db92e427e4774d5163e82bcb2c43abea5459d2541ab7da179e1dd41364
-
SHA512
0775a1b2cc06c8f8d77a9ddf33abbe7da8d855bc00494df1f868edbeb88b0668c383e98718084422799c368957505af89c3d3a6cea7438837a8e61282b01705b
-
SSDEEP
24576:mRmJkcoQricOIQxiZY1iag3h7lhh1xIxrPlkG3FQ7GFKCzkgs6:jJZoQrbTFZY1iagx7XmZG8FKD6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-