General
Target: PAYMENT SLIP.exe
Size: 481KB
Sample: 221202-k1mneafd3x
MD5: 4f88b5c2537d2286b6efee0d354bd0f3
SHA1: 03cf0320be7b2384e17d7bbd417fd826f8a1c22c
SHA256: 24934cfda7f567024000d0992958608ecfcd576e72f9b2f497676f9cf87d8802
SHA512: cd0910f57861de77d7edc493f779b3709ac66bfc7e2795ceed91dbadee5353f18d3a2572f8af019b05d560723b51e5b01d28b813459e17cde417c1ab173b1d23
SSDEEP: 12288:yrPi+LmpMALMXR0sZIU6aMU3ilnzILPSdwcxe:yrJfQMXFIU3VSlzIEwcxe
Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT SLIP.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: PAYMENT SLIP.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.elec-qatar.com
Port: 587
Username: [email protected]
Password: MHabrar2019@#
Email To: [email protected]
Targets
Target: PAYMENT SLIP.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext