General
-
Target
Invoice and account details.exe
-
Size
780KB
-
Sample
220520-2dgx3saccq
-
MD5
8c6b090f2ca2b6fb6965413ab9f8d1f0
-
SHA1
97132523bef698a37aeb05076a47e3b212918c19
-
SHA256
61efb23e76e60df8af99f72b87149638f3115219c44776e82e02731a199a5a83
-
SHA512
2ed9be1a05f6dfe507d8a81870112597f6d4f123abaec230bdfbcc0d2b5355e1c9d1a6554383cc99f34ba808aa513c17e0ac07b367433223717d93f191194054
Malware Config
Extracted
Protocol: smtp- Host:
mail.oceanskylogistics.in - Port:
587 - Username:
[email protected] - Password:
OcE@n@123$
Extracted
agenttesla
Protocol: smtp- Host:
mail.oceanskylogistics.in - Port:
587 - Username:
[email protected] - Password:
OcE@n@123$ - Email To:
[email protected]
Targets
-
-
Target
Invoice and account details.exe
-
Size
780KB
-
MD5
8c6b090f2ca2b6fb6965413ab9f8d1f0
-
SHA1
97132523bef698a37aeb05076a47e3b212918c19
-
SHA256
61efb23e76e60df8af99f72b87149638f3115219c44776e82e02731a199a5a83
-
SHA512
2ed9be1a05f6dfe507d8a81870112597f6d4f123abaec230bdfbcc0d2b5355e1c9d1a6554383cc99f34ba808aa513c17e0ac07b367433223717d93f191194054
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
suricata: ET MALWARE AgentTesla Exfil Via SMTP
suricata: ET MALWARE AgentTesla Exfil Via SMTP
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-