General

Target: 6485c53b3856bc435502490d0337c2bb.exe
Size: 1.4MB
Sample: 221125-w9f3rsae2s
MD5: 6485c53b3856bc435502490d0337c2bb
SHA1: eb9369983e8b4579f9219e2882b955d36f55a653
SHA256: 1ecb491558de8c62b18aaa99230be6620a9ebe3fb7f3ea938a82fa05bcf110f9
SHA512: 1306c2dd664c8d729df43c587201d083f6ada6c2d3c56e35187129ec64fad5230e5338ee674515794faabba240c8f143d4974bd0962254552c72b782d77fb1d1
SSDEEP: 12288:ddOw3d/KnMP2hWiv4L2jH9nlSNfUu4OJetOSNK:DT3RKnMPqbgLs6fgcSNK
Static task: static1
Behavioral task: behavioral1
  Sample: 6485c53b3856bc435502490d0337c2bb.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 6485c53b3856bc435502490d0337c2bb.exe
  Resource: win10v2004-20221111-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: server196.web-hosting.com
Port: 587
Username: [email protected]
Password: lagos@123
Email To: [email protected]
Targets

Target: 6485c53b3856bc435502490d0337c2bb.exe
Size: 1.4MB
MD5: 6485c53b3856bc435502490d0337c2bb
SHA1: eb9369983e8b4579f9219e2882b955d36f55a653
SHA256: 1ecb491558de8c62b18aaa99230be6620a9ebe3fb7f3ea938a82fa05bcf110f9
SHA512: 1306c2dd664c8d729df43c587201d083f6ada6c2d3c56e35187129ec64fad5230e5338ee674515794faabba240c8f143d4974bd0962254552c72b782d77fb1d1
SSDEEP: 12288:ddOw3d/KnMP2hWiv4L2jH9nlSNfUu4OJetOSNK:DT3RKnMPqbgLs6fgcSNK
Signatures

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext