General
- Target: MACHINE QUOTATION #ALAM11222.exe
- Size: 514KB
- Sample: 221104-g5gq6scch2
- MD5: afa3e4b992ae2325ad061289101b8a28
- SHA1: 7dab913d9e2829acae4fec7abdb27fc1a8278d30
- SHA256: f4742eb31c8b2c6dfd22b03aefe30d4891d50f88e70b5bc27dae05fb3a615d69
- SHA512: 2aae76053b0015cc3989d35599b1f17f17cd5a9cf831f6e024ee39d268eed59d111ba812d6ca5a995af1f9c174351a25f6ec79e45e581b9b9733b5149738f24c
- SSDEEP: 12288:520TSd3on0aEfl+hwiNJ+noA5+2P/vpyzLtB+/Bj84jCBB:nTjncswlnoyl/Bg/+/6KAB
Static task
- static1

Behavioral task
- behavioral1
  - Sample: MACHINE QUOTATION #ALAM11222.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: MACHINE QUOTATION #ALAM11222.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.code-jet.com
- Port: 21
- Username: [email protected]
- Password: F$T3)1@zYr&V
Targets
- Target: MACHINE QUOTATION #ALAM11222.exe
- Size: 514KB
- MD5: afa3e4b992ae2325ad061289101b8a28
- SHA1: 7dab913d9e2829acae4fec7abdb27fc1a8278d30
- SHA256: f4742eb31c8b2c6dfd22b03aefe30d4891d50f88e70b5bc27dae05fb3a615d69
- SHA512: 2aae76053b0015cc3989d35599b1f17f17cd5a9cf831f6e024ee39d268eed59d111ba812d6ca5a995af1f9c174351a25f6ec79e45e581b9b9733b5149738f24c
- SSDEEP: 12288:520TSd3on0aEfl+hwiNJ+noA5+2P/vpyzLtB+/Bj84jCBB:nTjncswlnoyl/Bg/+/6KAB

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext