General
-
Target
REQUEST FOR QUOTE_2903023.exe
-
Size
236KB
-
Sample
230329-qp27lsaa9v
-
MD5
c76926fe2e6369b957d05db93e8e74f8
-
SHA1
926cdcd023f2ea320afb33e3cb04a24a778697e5
-
SHA256
d5ad50f67a5df4c6b103b5b163414cc27533d2458f4d4f89cf1e762cdc629e47
-
SHA512
53b562cd7c207bba932ce5c20f9bef4a578928637edbd8e927630d0c23b3e2b12a24b3aa1aef82f83637c3e01060ca23ede2f5398f42e68877d6affdefa95af1
-
SSDEEP
3072:h6xtLGaU+EwkgYIEBAtyM5PCSaERxlJDT9/DJmebGp3NoFLP6KBkLy9yiKC0gAm6:h6zLMjsY7AAM5PCSnJ57Jm9puL76+cI
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.redseatransportuae.com - Port:
587 - Username:
[email protected] - Password:
method10@10 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.redseatransportuae.com - Port:
587 - Username:
[email protected] - Password:
method10@10
Targets
-
-
Target
REQUEST FOR QUOTE_2903023.exe
-
Size
236KB
-
MD5
c76926fe2e6369b957d05db93e8e74f8
-
SHA1
926cdcd023f2ea320afb33e3cb04a24a778697e5
-
SHA256
d5ad50f67a5df4c6b103b5b163414cc27533d2458f4d4f89cf1e762cdc629e47
-
SHA512
53b562cd7c207bba932ce5c20f9bef4a578928637edbd8e927630d0c23b3e2b12a24b3aa1aef82f83637c3e01060ca23ede2f5398f42e68877d6affdefa95af1
-
SSDEEP
3072:h6xtLGaU+EwkgYIEBAtyM5PCSaERxlJDT9/DJmebGp3NoFLP6KBkLy9yiKC0gAm6:h6zLMjsY7AAM5PCSnJ57Jm9puL76+cI
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-