General
-
Target
Invoice-OM Telentia-YX20220926A00224.exe
-
Size
652KB
-
Sample
220930-pewreadeb9
-
MD5
99789bc5320508920ea1c5cdbd05737b
-
SHA1
5f4eb9eb8b8cb946a42dab79441bead2d20c68f2
-
SHA256
511af8c57f0d44cb50d6560c0e820a5c9f6da27c307c698ffc5ccfbc57269e7d
-
SHA512
906f3aa2e74321d570dece33b84da1f718fc11f174eb41b836d6cde9e8da566226024a6620c22612225c7e3cae2a026f0f267687f9270b400106d6a1f8d00e43
-
SSDEEP
12288:ICe+6uFJ8mfqKtmO62/WJh71I1W6cYVl9v4QjFMsZNSs864:ICe1uFSbKwOz31W6cK7JjFMsZN26
Malware Config
Extracted
Protocol: smtp- Host:
multimetals.cfd - Port:
587 - Username:
[email protected] - Password:
[email protected]
Extracted
agenttesla
Protocol: smtp- Host:
multimetals.cfd - Port:
587 - Username:
application/x-www-form-urlencoded - Password:
[email protected] - Email To:
[email protected]
Targets
-
-
Target
Invoice-OM Telentia-YX20220926A00224.exe
-
Size
652KB
-
MD5
99789bc5320508920ea1c5cdbd05737b
-
SHA1
5f4eb9eb8b8cb946a42dab79441bead2d20c68f2
-
SHA256
511af8c57f0d44cb50d6560c0e820a5c9f6da27c307c698ffc5ccfbc57269e7d
-
SHA512
906f3aa2e74321d570dece33b84da1f718fc11f174eb41b836d6cde9e8da566226024a6620c22612225c7e3cae2a026f0f267687f9270b400106d6a1f8d00e43
-
SSDEEP
12288:ICe+6uFJ8mfqKtmO62/WJh71I1W6cYVl9v4QjFMsZNSs864:ICe1uFSbKwOz31W6cK7JjFMsZN26
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-