General
Target: c9b9ec62eb3e14b95dcba0eb3e0226cf936d29fb03bbf81f5193e55268fd7d1a.rar
Size: 939KB
Sample: 240917-by8cnazarp
MD5: 57b907d2ca42ad6d5a341571ad3b2597
SHA1: dd01f628ece43b46ee01a674a9b7ed366f6b7f6a
SHA256: c9b9ec62eb3e14b95dcba0eb3e0226cf936d29fb03bbf81f5193e55268fd7d1a
SHA512: 5e6f631571b187a8d434084d7a0fe5acf3f54c7b738a2d55f4d765be42b1117f4342af13bcb28fb6aa617ffe00a29fceea94d10b732ce1fee8a4533f578eb76b
SSDEEP: 24576:OeFYeR3C1FnflXxfwuIB+M3Ha95mLVeuMw0E:rNy15tXpw5B76TmYuMw0E
Static task: static1
Behavioral task: behavioral1
Sample: MJI5380328-PQX82938839039-HW7V89292999.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: MJI5380328-PQX82938839039-HW7V89292999.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: cp8nl.hyperhost.ua
Port: 587
Username: [email protected]
Password: tank576$%)&**
Email To: [email protected]
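The extracted config gives the SMTP host and port the sample reports to. One way to turn that into a hunt is to pivot from DNS answers for the host to connections on the configured port, so that traffic to the shared-hosting provider's other IPs is not mistaken for exfiltration. The following is an added example, not part of the sandbox report; the Zeek-style log lines and the RFC 5737 addresses in them are constructed for illustration, and only the host and port come from the config above.

```python
"""Hunt for AgentTesla SMTP exfiltration using the extracted config.

Added example (not part of the sandbox report). The log lines below are
constructed in a Zeek-like TSV layout and the IP addresses are from the
RFC 5737 documentation range; they are assumptions, not observed data.
"""
from __future__ import annotations

# Host and port are the values from the extracted config above.
AGENTTESLA_CONFIG = {
    "protocol": "smtp",
    "host": "cp8nl.hyperhost.ua",
    "port": 587,
}

# Constructed DNS log: ts, src_ip, query, answer (one answer per line).
DNS_LOG = """\
1726540001.10\t10.0.0.15\tcp8nl.hyperhost.ua\t203.0.113.45
1726540001.10\t10.0.0.15\tcp8nl.hyperhost.ua\t203.0.113.46
1726540005.00\t10.0.0.22\tupdate.example.net\t198.51.100.7
"""

# Constructed connection log: ts, src_ip, dst_ip, dst_port, proto, bytes_out.
CONN_LOG = """\
1726540002.30\t10.0.0.15\t203.0.113.45\t587\ttcp\t18231
1726540006.80\t10.0.0.22\t198.51.100.7\t443\ttcp\t904
1726540010.50\t10.0.0.15\t203.0.113.46\t25\ttcp\t412
1726540011.00\t10.0.0.31\t203.0.113.45\t587\ttcp\t50
"""


def resolve_from_dns_log(dns_log: str, hostname: str) -> dict[str, set[str]]:
    """Map each IP returned for `hostname` to the set of clients that queried it."""
    answers: dict[str, set[str]] = {}
    for line in dns_log.splitlines():
        _ts, src, query, answer = line.split("\t")
        if query.lower() == hostname.lower():
            answers.setdefault(answer, set()).add(src)
    return answers


def find_exfil_connections(conn_log: str, dns_log: str, config: dict) -> list[dict]:
    """Return connections to IPs that resolved from the configured C2 host.

    A hit requires the destination IP to have appeared as a DNS answer for the
    configured hostname; a bare connection to a hosting provider's IP would be
    too noisy on its own (hyperhost.ua is a shared hosting provider).
    Connections on a port other than the configured one are reported as
    'port_mismatch' for review instead of being silently dropped.
    """
    c2_ips = resolve_from_dns_log(dns_log, config["host"])
    hits = []
    for line in conn_log.splitlines():
        ts, src, dst, dport, _proto, bytes_out = line.split("\t")
        if dst not in c2_ips:
            continue
        hits.append({
            "ts": float(ts),
            "src": src,
            "dst": dst,
            "dport": int(dport),
            "bytes_out": int(bytes_out),
            "verdict": "exfil" if int(dport) == config["port"] else "port_mismatch",
            # Strongest signal: the same client resolved the name and then connected.
            "client_resolved_name": src in c2_ips[dst],
        })
    return hits


if __name__ == "__main__":
    for hit in find_exfil_connections(CONN_LOG, DNS_LOG, AGENTTESLA_CONFIG):
        print(hit)
```

Against the constructed logs this yields two `exfil` hits on port 587 (one from a client that never resolved the name itself, which is worth a second look) and one `port_mismatch` hit on port 25 to a second resolved IP. The SMTP username from the config is a stronger indicator still, but it only shows up in mail-server or TLS-terminated proxy logs, which this example does not model.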
Targets
Target: MJI5380328-PQX82938839039-HW7V89292999.exe
Size: 1.5MB
MD5: b164dfd51cba1133766fb4e7266d91c3
SHA1: e1d94a2f32700d2241a47e2e85d7022312c5aaee
SHA256: b022a18a5fb9dee80dee6dd38efea10871455da10d8154fbba8b069c9965ef4b
SHA512: 39b77b3e501ab233eb7093d95dbe32675d30f931090b43ea252723f7ddcd05a5525c4e912aa85ef719428f96df3a334a9f4f5643a60b449a7070df8afa68f5cf
SSDEEP: 24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8aC4NX8C3g7qKTFK9mES5w8Q1Oo8RU:pTvC/MTQYxsWR7aCy5gnTzI+o
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials and sends them out over SMTP, FTP or HTTP, which matches the SMTP exfiltration config extracted above.

Credentials from Password Stores: Credentials from Web Browsers (MITRE ATT&CK T1555.003)
Malicious access to, or copying of, a web browser credential store.

Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register state, including its instruction pointer. Outside debuggers it is rarely called legitimately; malware uses it to redirect a thread in a suspended process into injected code (process hollowing and related injection techniques), so this signature usually indicates a packed payload unpacking into a second process rather than a property of the sample's own image.
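The SetThreadContext signature on its own only says the API was called. What an analyst wants is the surrounding chain: a process created suspended, memory written into it, its thread context replaced, and the thread resumed. The following is an added example (not the sandbox's own signature logic) of that sequence check over an API trace. The trace format `caller_pid|api|key=value,...` and its lines are constructed for the example; real sandboxes each use their own layout, and the child image path shown is illustrative, not a claim about this sample.

```python
"""Flag CreateProcess(SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread.

Added example (not from the sandbox or the report). The API trace below is
constructed in a generic 'caller_pid|api|key=value,...' format chosen for
this example; it is not the layout of any particular sandbox.
"""
from __future__ import annotations

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess*

# Constructed trace: 1200 hollows child 1340; 2210 sets its own thread's
# context (a debugger/exception-handler pattern); 3300 spawns a normal child.
API_TRACE = """\
1200|CreateProcessW|path=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe,flags=0x4,pid=1340,tid=1344
1200|WriteProcessMemory|target_pid=1340,addr=0x400000,size=0x2a000
1200|WriteProcessMemory|target_pid=1340,addr=0x7ffdf008,size=0x8
1200|SetThreadContext|target_pid=1340,tid=1344
1200|ResumeThread|target_pid=1340,tid=1344
2210|GetThreadContext|target_pid=2210,tid=2216
2210|SetThreadContext|target_pid=2210,tid=2216
3300|CreateProcessW|path=C:\\Windows\\System32\\notepad.exe,flags=0x0,pid=3350,tid=3354
"""

# Stage index a child has reached; only the full chain is reported.
STAGE_CREATED, STAGE_WRITTEN, STAGE_CONTEXT_SET, STAGE_RESUMED = range(4)


def parse_trace(trace: str):
    """Yield (caller_pid, api, args) for each constructed trace line."""
    for line in trace.splitlines():
        pid, api, argstr = line.split("|", 2)
        args = dict(kv.split("=", 1) for kv in argstr.split(","))
        yield int(pid), api, args


def detect_hollowing(trace: str) -> list[dict]:
    """Return one finding per (parent, child) pair that completes the chain.

    Progress is tracked per child pid and each step must follow the previous
    one, so SetThreadContext on a process's own thread, or on a child that
    was never created suspended, is not reported.
    """
    progress: dict[int, dict] = {}
    findings = []
    for pid, api, args in parse_trace(trace):
        if api.startswith("CreateProcess"):
            if int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                child = int(args["pid"])
                progress[child] = {"parent": pid, "stage": STAGE_CREATED,
                                   "path": args.get("path", ""), "writes": 0}
            continue
        child = int(args.get("target_pid", pid))
        state = progress.get(child)
        if state is None or state["parent"] != pid or child == pid:
            continue
        if api == "WriteProcessMemory":
            state["stage"] = max(state["stage"], STAGE_WRITTEN)
            state["writes"] += 1
        elif api == "SetThreadContext" and state["stage"] >= STAGE_WRITTEN:
            state["stage"] = STAGE_CONTEXT_SET
        elif api == "ResumeThread" and state["stage"] >= STAGE_CONTEXT_SET:
            state["stage"] = STAGE_RESUMED
            findings.append({"parent": pid, "child": child,
                             "child_image": state["path"], "writes": state["writes"]})
    return findings


if __name__ == "__main__":
    for finding in detect_hollowing(API_TRACE):
        print(finding)
```

Requiring the write before SetThreadContext, and a suspended create before either, is what keeps the self-targeted call from 2210 and the ordinary child spawn from 3300 out of the results; the number of writes and the hollowed image path are carried along because they are what an analyst checks next (a write at the image base followed by one into the PEB is the classic hollowing footprint).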