General
-
Target
fa5392813def2278a7df646d987f8f795370b034d2c5d8a485d331c7a6a5662cN
-
Size
1.1MB
-
Sample
240921-s9sj1szfqe
-
MD5
b4a8d78ac7a0d021a952df540f19ba40
-
SHA1
176b0680ef8bfaab4dc13c46d40cfd914fcb662f
-
SHA256
fa5392813def2278a7df646d987f8f795370b034d2c5d8a485d331c7a6a5662c
-
SHA512
dd2aa4cb916c93082434f0a451f8ae736da1382a363c206f08b790e57f32727da401c4487db6e7413d5ef3471451ed43e9a066065d27a9ef7aef57a58f1fc829
-
SSDEEP
24576:RRmJkcoQricOIQxiZY1ia7uz53U3YwvIL0BJCF/yXYi3:eJZoQrbTFZY1ia7uzFUPBz3
Static task
static1
Behavioral task
behavioral1
Sample
fa5392813def2278a7df646d987f8f795370b034d2c5d8a485d331c7a6a5662cN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fa5392813def2278a7df646d987f8f795370b034d2c5d8a485d331c7a6a5662cN.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.solucionesmexico.mx - Port:
587 - Username:
[email protected] - Password:
Qdk,[nKrmI0j - Email To:
[email protected]
Targets
-
-
Target
fa5392813def2278a7df646d987f8f795370b034d2c5d8a485d331c7a6a5662cN
-
Size
1.1MB
-
MD5
b4a8d78ac7a0d021a952df540f19ba40
-
SHA1
176b0680ef8bfaab4dc13c46d40cfd914fcb662f
-
SHA256
fa5392813def2278a7df646d987f8f795370b034d2c5d8a485d331c7a6a5662c
-
SHA512
dd2aa4cb916c93082434f0a451f8ae736da1382a363c206f08b790e57f32727da401c4487db6e7413d5ef3471451ed43e9a066065d27a9ef7aef57a58f1fc829
-
SSDEEP
24576:RRmJkcoQricOIQxiZY1ia7uz53U3YwvIL0BJCF/yXYi3:eJZoQrbTFZY1ia7uzFUPBz3
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-