General
-
Target
8eb3e44e674b6de99f23682ee8bc103d6f9f1bbb3b2a27e26dd8e358d69a8e5c
-
Size
2.4MB
-
Sample
240630-bc7h8s1cqb
-
MD5
857f5541615746f6497138f5c5a1b2ab
-
SHA1
1f900aa6a6f6b2c6efad064721dc5e0bbcb08fc4
-
SHA256
8eb3e44e674b6de99f23682ee8bc103d6f9f1bbb3b2a27e26dd8e358d69a8e5c
-
SHA512
2a1c9b4c4687bdb72dd53926c9957594d1bb2dd68bd4c9060ea6971d179f45a4d1d626ea2decfff3d94b5cf7ed848c80920126ef63a26214d056a629145c544b
-
SSDEEP
49152:COp8FE9CCy3++Mqmzetum6rlC5Sp3W6moVCiFCs/kb5K:COESN44gum6rlCsNj4xb5
Static task
static1
Behavioral task
behavioral1
Sample
8eb3e44e674b6de99f23682ee8bc103d6f9f1bbb3b2a27e26dd8e358d69a8e5c.exe
Resource
win7-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.winnerawards.ae
Port: 587
Username: [email protected]
Password: azharwinner
Email To: [email protected]
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Suspicious use of SetThreadContext
-