General
-
Target
293df280f6f5ddcf8496f8a81bb25013c2b18085f4c4454db3b5581be3129711
-
Size
528KB
-
Sample
241122-bljtja1mds
-
MD5
4b17547324dba526ddafc86c6368f645
-
SHA1
026ed98d3722601686782e8601eb76dcafbfdc92
-
SHA256
293df280f6f5ddcf8496f8a81bb25013c2b18085f4c4454db3b5581be3129711
-
SHA512
ade2c5a7208f3ada3521c37e3963485da2d4cf592ee3009b4a10a07d9505c14746b4fc2424ee0cb93c84f439ac0224dcfbbe1741c70d0558a9cca926a147a63f
-
SSDEEP
12288:KOywMuiR3dtTTEJAW4wuMqnZsfTaUHSXEjzZH5mLhavOXgt3omitl9c:KN9uiR3bn2AW7aq+USXEXgIr
Static task
static1
Behavioral task
behavioral1
Sample
293df280f6f5ddcf8496f8a81bb25013c2b18085f4c4454db3b5581be3129711.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
293df280f6f5ddcf8496f8a81bb25013c2b18085f4c4454db3b5581be3129711.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
Galadinma26
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
Galadinma26
Targets
-
-
Target
293df280f6f5ddcf8496f8a81bb25013c2b18085f4c4454db3b5581be3129711
-
Size
528KB
-
MD5
4b17547324dba526ddafc86c6368f645
-
SHA1
026ed98d3722601686782e8601eb76dcafbfdc92
-
SHA256
293df280f6f5ddcf8496f8a81bb25013c2b18085f4c4454db3b5581be3129711
-
SHA512
ade2c5a7208f3ada3521c37e3963485da2d4cf592ee3009b4a10a07d9505c14746b4fc2424ee0cb93c84f439ac0224dcfbbe1741c70d0558a9cca926a147a63f
-
SSDEEP
12288:KOywMuiR3dtTTEJAW4wuMqnZsfTaUHSXEjzZH5mLhavOXgt3omitl9c:KN9uiR3bn2AW7aq+USXEXgIr
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-