General
Target: inquiry IN-purchase no.00048075063.gz
Size: 5KB
Sample: 221027-pebfgacbdk
MD5: fb0ca5e985468f2225d0b385746ff6d1
SHA1: 41977b0b79fa911e25a7a85e6715ae05d63a4e30
SHA256: 94051fded4b724c89a79985073ecb256af69c26c0e3aff140507184f9436abeb
SHA512: 7fc3c661bb7108fcafeb781ca2674a8a84e426633843fc8065c02dd0e3955bbd5be76719c455deff43429f5602be4eb543edeaf26b463f55e8cef489a26833bd
SSDEEP: 96:s9WuvYZPPeIHAa+oAdHmpbeARlcGp+0cVNt7BnbdNLL7Zgx:zumPtudIs3DBbdNWx
Static task: static1
Behavioral task: behavioral1
  Sample: inquiry IN-purchase no.00048075063.chm
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: inquiry IN-purchase no.00048075063.chm
  Resource: win10v2004-20220812-en
Malware Config
Extracted: https://mgcpakistan.com/c12.txt
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://ftp.lemendoza.com
  Port: 21
  Username: [email protected]
  Password: boygirl123456
Targets
Target: inquiry IN-purchase no.00048075063.chm
Size: 13KB
MD5: 6f6236aed55a7ce730284128bceb4d47
SHA1: 1286c98d5e74865d04394c87dd49ba21fab25e0f
SHA256: 6d21db2610c241baca4a885f334f9670978ba5a0a055247ff171fa5157588ff9
SHA512: 49d64d41e1f17ba7488e74c58b116653bad749e49b9023eb3b09f70039be1848e93f2cfeee9e828c508d6c7d79775b02f86781a5a571d32ad3f7f03b05ebc888
SSDEEP: 96:tmdZnn+YwcqkFm2wCXU0bZGLo2C/XgnLwZYCleVe+IF+kTbTFU553rc+nlq/e8Bx:tmdLwcJXhZDV/gtC8elrTFU513lqx3
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET; it exfiltrates harvested credentials and keystrokes over SMTP, FTP or HTTP, and the configuration extracted from this sample uses FTP.
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
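As an added example, not part of the sandbox report and not tooling from the Triage service, the following Python turns the extracted AgentTesla configuration, the download URL, the reported hashes and the "blocklisted process makes network request" signature into checks that run over endpoint events. The hashes, URL and FTP parameters are the report's; the Sysmon-like event shape, the set of blocklisted processes, the sample events and the demo .gz bytes are constructed assumptions.

```python
"""Detection checks derived from the sandbox report above.

Added example, not code from the sandbox report. Hashes, download URL and
AgentTesla FTP parameters are copied from the report; the event format
(Sysmon-like dicts), the blocklisted-process set, the sample events and the
demo .gz bytes are assumptions made for this example.
"""
import gzip
import hashlib
import re
from urllib.parse import urlparse

# Copied from the report (hashes of the inner .chm).
REPORTED_HASHES = {
    "md5": "6f6236aed55a7ce730284128bceb4d47",
    "sha1": "1286c98d5e74865d04394c87dd49ba21fab25e0f",
    "sha256": "6d21db2610c241baca4a885f334f9670978ba5a0a055247ff171fa5157588ff9",
}
EXTRACTED_URL = "https://mgcpakistan.com/c12.txt"
# The report renders the AgentTesla config as one " - " separated line; the
# username is shown redacted on the page, so it is left exactly as printed.
EXTRACTED_CONFIG = ("Protocol: ftp - Host: ftp://ftp.lemendoza.com - Port: 21"
                    " - Username: [email protected] - Password: boygirl123456")

# Assumption: viewers and script hosts that rarely need network access on a
# workstation. hh.exe is the Windows HTML Help viewer that opens .chm files.
BLOCKLISTED_PROCESSES = {"hh.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

# Constructed: a minimal gzip container holding an empty member
# (header, empty fixed-Huffman deflate block 03 00, CRC32 0, ISIZE 0).
DEMO_GZ = bytes.fromhex("1f8b0800000000000003" "0300" "00000000" "00000000")


def parse_config(line):
    """Parse 'Key: value - Key: value ...' into a dict with lower-case keys.
    Splits only on ' - ' that is followed by another 'Key:' so a password
    containing ' - ' is not cut apart."""
    parts = re.split(r"\s+-\s+(?=[A-Za-z]+:)", line.strip())
    cfg = {}
    for part in parts:
        key, _, value = part.partition(":")
        cfg[key.strip().lower()] = value.strip()
    return cfg


def network_iocs(cfg, url):
    """(host, port) pairs the download stage and the FTP exfil would touch."""
    u = urlparse(url)
    iocs = {(u.hostname, u.port or (443 if u.scheme == "https" else 80))}
    ftp_host = urlparse(cfg["host"]).hostname or cfg["host"]
    iocs.add((ftp_host, int(cfg["port"])))
    return iocs


def file_hashes(data):
    """MD5/SHA1/SHA256 of a byte string, keyed like the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def unpack_gz(gz_bytes):
    """Decompress a single-member .gz (the report's outer container) and
    return (inner_bytes, inner_hashes) so the inner file can be matched
    against the .chm hashes rather than the archive's."""
    inner = gzip.decompress(gz_bytes)
    return inner, file_hashes(inner)


def evaluate(events, iocs):
    """Apply three checks to Sysmon-like events; returns [(rule, event), ...]."""
    hits = []
    for ev in events:
        if ev["type"] == "network":
            image = ev["image"].rsplit("\\", 1)[-1].lower()
            if image in BLOCKLISTED_PROCESSES:
                hits.append(("blocklisted_process_network", ev))
            if (ev["dest_host"].lower(), ev["dest_port"]) in iocs:
                hits.append(("known_download_or_exfil_host", ev))
        elif ev["type"] == "file":
            h = file_hashes(ev["content"])
            if any(h[k] == v for k, v in REPORTED_HASHES.items()):
                hits.append(("known_sample_hash", ev))
    return hits


# Constructed events, not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "network", "image": r"C:\Windows\hh.exe",
     "dest_host": "mgcpakistan.com", "dest_port": 443},
    {"type": "network", "image": r"C:\Windows\System32\svchost.exe",
     "dest_host": "ftp.lemendoza.com", "dest_port": 21},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "example.org", "dest_port": 443},
    {"type": "file", "path": r"C:\Users\victim\Downloads\inquiry.chm",
     "content": b"placeholder bytes, not the real sample"},
]

if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for rule, ev in evaluate(SAMPLE_EVENTS, network_iocs(cfg, EXTRACTED_URL)):
        print(rule, ev)
```

The first sample event fires twice: hh.exe is on the assumed blocklist, and mgcpakistan.com:443 is the extracted download host. The FTP event matches only on the configured exfil host, since the originating process is not blocklisted. The other three signatures in the report (dropped DLL, Outlook profile access, SetThreadContext) need API or ETW telemetry that this simple network/file event model does not carry, so they are deliberately not modelled here.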