General
-
Target
d325d9ecd5d7b1e7871de63f0807aa53457f82985845a9a6a4e45c0102a9fa69
-
Size
492KB
-
Sample
221207-qwcwasfa62
-
MD5
09e1a3c55cbb5301bd7fd0999cc4258b
-
SHA1
2cd3da7a201961bf063246579b11fcbad5774994
-
SHA256
d325d9ecd5d7b1e7871de63f0807aa53457f82985845a9a6a4e45c0102a9fa69
-
SHA512
1b8021949803303619b91964551a72d986ac703c36c1db336c636cf529e8cf26a4161c1f382f27f33ca7675e8f9667dc4c6b0670c50d824d37083dbbadcdcbe8
-
SSDEEP
12288:g/64ce865hvybcRrJz2nHp31swuzv8LUpIvn:gpce865U4Rtk11s1T8D/
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.jackbarber.com - Port:
587 - Username:
sales@jackbarber.com - Password:
mqvXXv,49r(* - Email To:
armkmc2017@gmail.com
Targets
-
-
Target
d325d9ecd5d7b1e7871de63f0807aa53457f82985845a9a6a4e45c0102a9fa69
-
Size
492KB
-
MD5
09e1a3c55cbb5301bd7fd0999cc4258b
-
SHA1
2cd3da7a201961bf063246579b11fcbad5774994
-
SHA256
d325d9ecd5d7b1e7871de63f0807aa53457f82985845a9a6a4e45c0102a9fa69
-
SHA512
1b8021949803303619b91964551a72d986ac703c36c1db336c636cf529e8cf26a4161c1f382f27f33ca7675e8f9667dc4c6b0670c50d824d37083dbbadcdcbe8
-
SSDEEP
12288:g/64ce865hvybcRrJz2nHp31swuzv8LUpIvn:gpce865U4Rtk11s1T8D/
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-