General
-
Target
EA-0052578-76NATIONAL-CHILE.js
-
Size
9KB
-
Sample
221207-n4mz5ahc8x
-
MD5
37e730fea347640f0f05f5a19edf27cb
-
SHA1
4a21133bf81b0eb9c0617bb0dd8c11bb60c304ef
-
SHA256
1a458d3d0c74461aa285c58dba89cde96e3640c32fb5d0a58ab4af03cd5f47ae
-
SHA512
fbe172d798a3a9b16991cac88ae61fc67a7317b4bc372a7291cbbc0f542cc347866108de7a12139cf8726b373bdbdad78099689232b763c9a87951ad1147ba8c
-
SSDEEP
192:wXagjk3BDdUvDvgOxTVFZWimckvF5nCvFCwQdMrjx0nh1WS+SYHf1BVMZQgOZEuS:wqYkRdUvD9VEiONBu5+a/tT32CQaHiP
Malware Config
Extracted
Protocol: smtp- Host:
smtp.leonardfood.com - Port:
587 - Username:
[email protected] - Password:
K@rimi95
Extracted
agenttesla
Protocol: smtp- Host:
smtp.leonardfood.com - Port:
587 - Username:
[email protected] - Password:
K@rimi95 - Email To:
[email protected]
Targets
-
-
Target
EA-0052578-76NATIONAL-CHILE.js
-
Size
9KB
-
MD5
37e730fea347640f0f05f5a19edf27cb
-
SHA1
4a21133bf81b0eb9c0617bb0dd8c11bb60c304ef
-
SHA256
1a458d3d0c74461aa285c58dba89cde96e3640c32fb5d0a58ab4af03cd5f47ae
-
SHA512
fbe172d798a3a9b16991cac88ae61fc67a7317b4bc372a7291cbbc0f542cc347866108de7a12139cf8726b373bdbdad78099689232b763c9a87951ad1147ba8c
-
SSDEEP
192:wXagjk3BDdUvDvgOxTVFZWimckvF5nCvFCwQdMrjx0nh1WS+SYHf1BVMZQgOZEuS:wqYkRdUvD9VEiONBu5+a/tT32CQaHiP
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-