General
-
Target
tmp
-
Size
796KB
-
Sample
230330-tf3cssdc93
-
MD5
b7fe0283cdd93788a35df6f5b541dee5
-
SHA1
20e62c66cb2c19de2d5dd69a666e7220d123b038
-
SHA256
7bb024a9f018978f826a9e3f9367f834427df51b1cda41ed11fd61701ec5d4dc
-
SHA512
5c6cf0c179733c08d5e1f3817ce2ca9b6961a0811c9ace869a19b77b3fcef8b31d5088ac722611b0a344f642cb24421a871c5ced162e249f3b63f30f67f8f7db
-
SSDEEP
12288:Wxc3xALb1QWBV+wsySEPqdyrlHgtFqZOsgdMbG4KojBgDQUPwNu5epYUUj:W4eV+wsBChHIzWbFjV/Nq
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.huiijingco.com - Port:
587 - Username:
m@huiijingco.com - Password:
lNLUrZT2 - Email To:
m@huiijingco.com
Targets
-
-
Target
tmp
-
Size
796KB
-
MD5
b7fe0283cdd93788a35df6f5b541dee5
-
SHA1
20e62c66cb2c19de2d5dd69a666e7220d123b038
-
SHA256
7bb024a9f018978f826a9e3f9367f834427df51b1cda41ed11fd61701ec5d4dc
-
SHA512
5c6cf0c179733c08d5e1f3817ce2ca9b6961a0811c9ace869a19b77b3fcef8b31d5088ac722611b0a344f642cb24421a871c5ced162e249f3b63f30f67f8f7db
-
SSDEEP
12288:Wxc3xALb1QWBV+wsySEPqdyrlHgtFqZOsgdMbG4KojBgDQUPwNu5epYUUj:W4eV+wsBChHIzWbFjV/Nq
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-