General

Target: 8ca6c923c4635a2359c91abcfd96c49cc9d324c32c955ba307f9f3615fa188a5
Size: 720KB
Sample: 221130-phsh6ach5x
MD5: e267723d89607c8ccd079cb8313e5745
SHA1: 5cd0eb9a68066210b62c38600a5eac848fb89143
SHA256: 8ca6c923c4635a2359c91abcfd96c49cc9d324c32c955ba307f9f3615fa188a5
SHA512: c8e0821aeff3c3ab079353773a40bbd22c5edbf9d93437ca072eb8538af587b6abd68b29e5febc0ad7b05574b0445222141a928e153166897f0cc8cfa472d674
SSDEEP: 12288:k8M+PhoupkVLmp8F7vM3uTAcynDtzpuKvGYolPloCx1mX53wk6DG34v:k8LPhoSzAWGPO6e3vQS4
Static task: static1

Behavioral task: behavioral1
Sample: 8ca6c923c4635a2359c91abcfd96c49cc9d324c32c955ba307f9f3615fa188a5.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 8ca6c923c4635a2359c91abcfd96c49cc9d324c32c955ba307f9f3615fa188a5.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: [email protected]
Password: sara@200million2
Targets

Target: 8ca6c923c4635a2359c91abcfd96c49cc9d324c32c955ba307f9f3615fa188a5
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Suspicious use of SetThreadContext