General
Target: Commercial Invoice.exe
Size: 979KB
Sample: 221202-khl9xsdh4w
MD5: b5a0914788f8416e6dabdf9b429dc11c
SHA1: 6d16e1f6412532e51d75cadaa8fa69eee4292574
SHA256: 97c28174a64eab003f2a1b2f4a742acbcbb8394249d136d176c19711908da21a
SHA512: 7e87a469c196df7a6cf51c944463e9c49803b121f940f32186cdde4019e8adcc6369bd15ec7324ad0a3191e13edc6886e331f3a5f64e630f103a378b4e3841e9
SSDEEP: 12288:BpUYuX15nN8eY+ceSigcvnvlVQjL9QzX7BIBi8pV4VpQWsNTAzc1NfpHsVfdcn:Cl5W+SM34jJQ5B8pnzTccOI
Static task: static1
Behavioral task: behavioral1
  Sample: Commercial Invoice.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: Commercial Invoice.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dmstech.in
Port: 587
Username: [email protected]
Password: 0]6F9Az.pqfd
Email To: [email protected]
Targets
Target: Commercial Invoice.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext