General
-
Target
b3e2bef59a02114e01c79b00bbd3142e804ddf8734acf745b87e99d3bbf2982a
-
Size
1.3MB
-
Sample
241102-bsp9wsyqam
-
MD5
831b82b377c73df3c2e947de621d3097
-
SHA1
20decf1eda8f6b6806879cdc7b7254f57b0de905
-
SHA256
b3e2bef59a02114e01c79b00bbd3142e804ddf8734acf745b87e99d3bbf2982a
-
SHA512
f8316197c452dadc62a178bddf4ca8f6e8e7bcb0f42e17725ed6ff5e2304f674f056db0fb19662d831badef3a4ec5996f5ed685441fb12cf1cacf75a72555a45
-
SSDEEP
24576:/qDEvCTbMWu7rQYlBQcBiT6rprG8a6QzBDFliimxT3wCR:/TvC/MTQYxsWR7a6QzHl6jw
Static task
static1
Behavioral task
behavioral1
Sample
b3e2bef59a02114e01c79b00bbd3142e804ddf8734acf745b87e99d3bbf2982a.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b3e2bef59a02114e01c79b00bbd3142e804ddf8734acf745b87e99d3bbf2982a.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: graceofgod@amen
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
AgentTesla payload
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-