General
-
Target
2caa6f030ba5361a6d86ee2faaed3473b7ea25c5dfae745f9065b3091aae5e60
-
Size
626KB
-
Sample
220521-bw55hscfb3
-
MD5
1b1e230d78c70f312584c340fba076dd
-
SHA1
ffdc32dcbab947f72243517bc0193d650e94785e
-
SHA256
2caa6f030ba5361a6d86ee2faaed3473b7ea25c5dfae745f9065b3091aae5e60
-
SHA512
00005865536ae5beff8cc7d563db2ec0f4c2d524c71690da05fe1f33eb2b3e6942de21abcd589c5e75f382dd248a2ecffc0915e27e4c9172606cc8925849b115
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
1104780540cuome@123
Targets
-
-
Target
Part List_bidding.exe
-
Size
565KB
-
MD5
36233073fcb133255abb10ea7e1b9040
-
SHA1
3fc69e192828bea7a37e16d477df63ee53d9ef85
-
SHA256
61f179ab9d877a4089f3a2e21db9d62537a9181fe6f58ba81a9eb2b0c45ac3a5
-
SHA512
c4da1a0a5a482a5b555168ef725f4c802640d997e641c35bbac2004251fb89d81e067c7e7ac3c87382496f6924f477e7c9fb58676ec451892bb3bb2cdf4dbc5e
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-