General
-
Target
Payment Remittance Advice 09132022.exe
-
Size
555KB
-
Sample
220914-l5m1eahgh2
-
MD5
e8291110ea9e92f9c3e5cd924fdd9ca4
-
SHA1
b745a080018a7042c8b5e257eb9efe8d21e74e16
-
SHA256
c5c45c729624d2c98596a78f46d634c721178f3c3e72b5e0d35e58652cc4c87f
-
SHA512
18d8fc147920be6851ca783291d0c7ae2a53fd465f819170fa9d4eb0a06d7716b9fcad1629f6b3a763c9f0f802686505f747eba19e23c902870c49c62aeb3abd
-
SSDEEP
12288:8Y1xd8I8C7XX+y+rO0g0zUjpJ2HThCyYy8Wn:bxd+Cr+5mZ+zhWWn
Malware Config
Extracted
Protocol: smtp- Host:
mx.stackmail.com - Port:
587 - Username:
[email protected] - Password:
l~clE€;{xAQd
Extracted
agenttesla
Protocol: ftp- Host:
%2B - Port:
21 - Username:
application/x-www-form-urlencoded - Password:
image/jpg
p=
Targets
-
-
Target
Payment Remittance Advice 09132022.exe
-
Size
555KB
-
MD5
e8291110ea9e92f9c3e5cd924fdd9ca4
-
SHA1
b745a080018a7042c8b5e257eb9efe8d21e74e16
-
SHA256
c5c45c729624d2c98596a78f46d634c721178f3c3e72b5e0d35e58652cc4c87f
-
SHA512
18d8fc147920be6851ca783291d0c7ae2a53fd465f819170fa9d4eb0a06d7716b9fcad1629f6b3a763c9f0f802686505f747eba19e23c902870c49c62aeb3abd
-
SSDEEP
12288:8Y1xd8I8C7XX+y+rO0g0zUjpJ2HThCyYy8Wn:bxd+Cr+5mZ+zhWWn
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-