General
-
Target
SecuriteInfo.com.Trojan.PackedNET.1685.14272.26861.exe
-
Size
600KB
-
Sample
221123-xdgj4aef68
-
MD5
e6a9b49b2b2cdc886b17dd34710e0fa5
-
SHA1
62e08a646d6d759bcd0d8de2beee33734a01b2f4
-
SHA256
4007a191bcf0d851a08b5d62c81bf2a011464c94b28bfcd477f839a5684563d8
-
SHA512
febf0cd250786327ffaef94aaa1e6adf580af66bb3af497d6d272dd5a0d3bb749e8e49084332f5e829aac389fea15f6fbc1e95820447651e02c7c361cc76c692
-
SSDEEP
12288:IGrOx3G6pUoD7IMwM8GzwTlEl+S6g+tSABfUnkHXW0FHooQBaC6EJq2okLGe9gLf:IGre6g+tSuUYXW0FIvBgseL13yl
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.hostinger.com - Port:
587 - Username:
[email protected] - Password:
lOg123@@
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.1685.14272.26861.exe
-
Size
600KB
-
MD5
e6a9b49b2b2cdc886b17dd34710e0fa5
-
SHA1
62e08a646d6d759bcd0d8de2beee33734a01b2f4
-
SHA256
4007a191bcf0d851a08b5d62c81bf2a011464c94b28bfcd477f839a5684563d8
-
SHA512
febf0cd250786327ffaef94aaa1e6adf580af66bb3af497d6d272dd5a0d3bb749e8e49084332f5e829aac389fea15f6fbc1e95820447651e02c7c361cc76c692
-
SSDEEP
12288:IGrOx3G6pUoD7IMwM8GzwTlEl+S6g+tSABfUnkHXW0FHooQBaC6EJq2okLGe9gLf:IGre6g+tSuUYXW0FIvBgseL13yl
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-