General
-
Target
a5102380ab2e18a46170b94277940e8568eaa2ab
-
Size
723KB
-
Sample
230111-qbxd7sgd9w
-
MD5
d70b4cb4e031364f2feed4cd6a4832fd
-
SHA1
a5102380ab2e18a46170b94277940e8568eaa2ab
-
SHA256
e18b65850a6147b9ece9b7f2d8268303cdfa39c3c2ade801119f79191a6bc039
-
SHA512
3f75b741f3ccac65be57524d3d65eada002d32ce0531f1d50bacc91a751a403de19c17402a0116bf058916eaa3b3c888c7fc980bd9d2a91a501d46e9fa02f9f0
-
SSDEEP
12288:ERIOSw4qE4iVV/r7VWCWEErm+CAh7tT8WbFWFeUyZyZKd2fhc8gfzGY3c:iIOaqEZV/NWCWEE6ZS7tzvyZK0JFgfzC
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
Da8@b!Gj!#zY4K
Targets
-
-
Target
a5102380ab2e18a46170b94277940e8568eaa2ab
-
Size
723KB
-
MD5
d70b4cb4e031364f2feed4cd6a4832fd
-
SHA1
a5102380ab2e18a46170b94277940e8568eaa2ab
-
SHA256
e18b65850a6147b9ece9b7f2d8268303cdfa39c3c2ade801119f79191a6bc039
-
SHA512
3f75b741f3ccac65be57524d3d65eada002d32ce0531f1d50bacc91a751a403de19c17402a0116bf058916eaa3b3c888c7fc980bd9d2a91a501d46e9fa02f9f0
-
SSDEEP
12288:ERIOSw4qE4iVV/r7VWCWEErm+CAh7tT8WbFWFeUyZyZKd2fhc8gfzGY3c:iIOaqEZV/NWCWEE6ZS7tzvyZK0JFgfzC
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-