General
-
Target
Urgent_order.exe
-
Size
835KB
-
Sample
221206-rrvqzsaa9s
-
MD5
1a09e55b17fbad193d6ea59141e99af3
-
SHA1
c98e46fa36ca059fc60410f6a1ef63c5e0105406
-
SHA256
cdfd4abe8daf16a0cb1898296266e905bd83b71402c618ce6468201328083970
-
SHA512
e08447c838a12923412eef2c768a28b5ac94653879ec48b3dec3d259371709e40e00f9a4d04f856108d2997ce9d4fd848ceab72e5190bb40d2f5078807bb7ab4
-
SSDEEP
12288:nEVq7vSbmbznkZyYLN8O3oy2Og45URkq2KlSwx7IkN3n:97qmbCN8O4mgH7Qw+m3
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pumaelektrik.com - Port:
587 - Username:
[email protected] - Password:
cspen@#$123 - Email To:
[email protected]
Targets
-
-
Target
Urgent_order.exe
-
Size
835KB
-
MD5
1a09e55b17fbad193d6ea59141e99af3
-
SHA1
c98e46fa36ca059fc60410f6a1ef63c5e0105406
-
SHA256
cdfd4abe8daf16a0cb1898296266e905bd83b71402c618ce6468201328083970
-
SHA512
e08447c838a12923412eef2c768a28b5ac94653879ec48b3dec3d259371709e40e00f9a4d04f856108d2997ce9d4fd848ceab72e5190bb40d2f5078807bb7ab4
-
SSDEEP
12288:nEVq7vSbmbznkZyYLN8O3oy2Og45URkq2KlSwx7IkN3n:97qmbCN8O4mgH7Qw+m3
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-