General
-
Target
ce039bcd4672b566536e4ad1c125f6b8.bin
-
Size
736KB
-
Sample
230330-cdm2nacc4v
-
MD5
2cee2bcbf4a36cd2f596f2acd0036ace
-
SHA1
787ec2371a9ab9814512ea54300a68225640f5df
-
SHA256
8b357299750f69a6100fa9363573ba110f9980913e9a04cdb453d4b3c93afafb
-
SHA512
0e214ccdf15c813be87b87d3bb386fb49015ce4c659f9defb3b18de808a03a3f9fb1e02c3b521c7573290887b3cffc25889296815e14ded35084aee9b56e4091
-
SSDEEP
12288:UV0f47E7n7ryl2ZfC5lL2KJx1p2l5AuJSWyhiFfOsKXeOYuHOXzFqN32Hq6v/:UV0UET7ryl2Z6NpATMliFPGfHOXzFJH9
Static task
static1
Behavioral task
behavioral1
Sample
1ece69250479067fb51414e7c01b699b5db1e7459c8e640c2ef6d431dfa9f280.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1ece69250479067fb51414e7c01b699b5db1e7459c8e640c2ef6d431dfa9f280.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.redseatransportuae.com
Port: 587
Username: [email protected]
Password: method10@10
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.redseatransportuae.com
Port: 587
Username: [email protected]
Password: method10@10
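The two "Extracted" blocks are the same SMTP exfiltration channel, once with the recipient mailbox and once without. The added example below (not part of the sandbox report) parses the config in the raw form the report's text extractor emitted, where one "Key: value - Key: value" run was broken across several lines, merges the two partial extractions into a single record, and uses the resulting host/port indicator to flag connections in constructed connection-log lines. The log lines and their documentation-range IPs are made up for illustration; "[email protected]" is kept as the page's own redaction of the mailbox address, not a real account.

```python
"""Added example, not part of the sandbox report: parse the report's
"Extracted" AgentTesla SMTP configuration into structured IOCs, merge the
two partial extractions, and flag exfiltration traffic in connection logs.
The log lines are constructed for illustration."""
import re
from typing import Dict, List

# The two "Extracted" blocks as the report's text extractor emitted them:
# each "Key: value - Key: value" run spread over several lines.  The string
# "[email protected]" is the page's own redaction of the mailbox address.
RAW_CONFIG = """Extracted
agenttesla
Protocol: smtp- Host:
mail.redseatransportuae.com - Port:
587 - Username:
[email protected] - Password:
method10@10 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.redseatransportuae.com - Port:
587 - Username:
[email protected] - Password:
method10@10
"""

KEY_RE = re.compile(r"(Protocol|Host|Port|Username|Password|Email To):")


def parse_extractions(text: str) -> List[Dict[str, str]]:
    """Return one dict per 'Extracted' block, keyed by the config field names."""
    configs = []
    for block in text.split("Extracted")[1:]:
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        cfg: Dict[str, str] = {}
        if lines and not KEY_RE.search(lines[0]):
            cfg["family"] = lines.pop(0)       # optional family label line
        parts = KEY_RE.split(" ".join(lines))  # ['', key, value, key, value, ...]
        for key, value in zip(parts[1::2], parts[2::2]):
            # Drop the " - " separator that precedes the next key.  A value that
            # itself ends in "-" would lose that character; none here does.
            cfg[key] = re.sub(r"\s*-\s*$", "", value.strip())
        configs.append(cfg)
    return configs


def merge_configs(configs: List[Dict[str, str]]) -> Dict[str, str]:
    """Fold partial extractions of the same C2 into one record.  Fields that
    disagree between extractions are flagged rather than silently overwritten."""
    merged: Dict[str, str] = {}
    for cfg in configs:
        for key, value in cfg.items():
            if key in merged and merged[key] != value:
                raise ValueError(f"conflicting {key}: {merged[key]!r} vs {value!r}")
            merged[key] = value
    return merged


def smtp_iocs(cfg: Dict[str, str]) -> Dict[str, str]:
    """Shareable indicators: mail host, port and protocol.  The harvested
    credentials are deliberately left out of the IOC record; they belong in
    the abuse report to the mail provider, not in a feed."""
    return {"host": cfg["Host"].lower(), "port": cfg["Port"], "protocol": cfg["Protocol"]}


# Constructed connection-log lines (documentation-range IPs, not real traffic).
SAMPLE_LOGS = [
    "2023-03-30T10:14:02Z 10.0.0.23:51512 -> 203.0.113.5:587 sni=- dns=mail.redseatransportuae.com",
    "2023-03-30T10:14:03Z 10.0.0.23:51513 -> 198.51.100.7:443 sni=www.example.com dns=www.example.com",
    "2023-03-30T10:16:45Z 10.0.0.41:49222 -> 203.0.113.5:25 sni=- dns=MAIL.redseatransportuae.com",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:]+):(?P<dport>\d+) .*dns=(?P<dns>\S+)")


def flag_connections(log_lines: List[str], ioc: Dict[str, str]) -> List[Dict[str, str]]:
    """Flag every connection to the C2 mail host.  A hit on the configured
    submission port is 'high'; the same host on another port is still worth a
    look ('medium'), since the operator can change ports without a new build."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["dns"].lower() != ioc["host"]:
            continue
        severity = "high" if m["dport"] == ioc["port"] else "medium"
        hits.append({"ts": m["ts"], "src": m["src"], "dport": m["dport"], "severity": severity})
    return hits


if __name__ == "__main__":
    ioc = smtp_iocs(merge_configs(parse_extractions(RAW_CONFIG)))
    print("IOC:", ioc)
    for hit in flag_connections(SAMPLE_LOGS, ioc):
        print(hit)
```

Matching on the resolved hostname rather than the IP is deliberate: the mail host is what the binary embeds, so it survives DNS changes on the operator's side, while the SMTP credentials are the indicator that should go to the provider so the mailbox gets closed.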
Targets
-
Target
1ece69250479067fb51414e7c01b699b5db1e7459c8e640c2ef6d431dfa9f280.exe
-
Size
967KB
-
MD5
ce039bcd4672b566536e4ad1c125f6b8
-
SHA1
a7361a87dadd9f10e161f96c55c6f5638324b812
-
SHA256
1ece69250479067fb51414e7c01b699b5db1e7459c8e640c2ef6d431dfa9f280
-
SHA512
cdbc9bd03dd1be617c1a66cdd5c7181b1baf6b43c3a3489d9b9a823468c187155a1b12c26a5b3952cf1f8d572b3da04aff3f3cb6c931a2b16d116eb3ec079209
-
SSDEEP
12288:YUJB0OiBEjKTIGy3aXM6GxS+pxuToRzIwpAJpyHcmnE9ZoH/s1auGqKGloF8O2/f:R5jKU6XMOqxd3pTHcmE/QuGc5DB
-
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), written in Visual Basic .NET. This build exfiltrates its loot over SMTP using the mail server and credentials in the extracted config above.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check used to decide whether to run in the current region.
-
Accesses Microsoft Outlook profiles
Reads the Outlook profile data stored in the registry, the usual source of saved mail account credentials for this family's stealer module.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is the typical signature of process hollowing: a suspended process is overwritten with the payload and its thread's entry point redirected into it.
-