General
Target: 44090014546_20221209_00071716.HesapOzeti.exe
Size: 788KB
Sample: 230411-xh22laed96
MD5: fa7596a3fa51f89185372498d8336e96
SHA1: 1e22c8100fc4fad4470f49a3d96081552bcec1ae
SHA256: 3b43d428f7ec121f4c0f33a1ccd521cac197729c9e169d1eb2f4c6f7383ad031
SHA512: e83456e2403f89ffed7533a108cc87d97871431d9181a9b0bd01240980bf60bcce57c21ca535c3464e0605ae2e9a7422b88315dd87d124e4b00de3ac24ff63be
SSDEEP: 24576:RxoFGeAwbcK1Wr2jwWQOYCgQGzM8zgx8VhKbnQ:RSF/3bcK1eAwW4CiMr6U
Static task: static1
Behavioral task: behavioral1
  Sample: 44090014546_20221209_00071716.HesapOzeti.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 44090014546_20221209_00071716.HesapOzeti.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
  Protocol: smtp
  Host: mail.redseatransportuae.com
  Port: 587
  Username: [email protected]
  Password: method10@10
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.redseatransportuae.com
  Port: 587
  Username: [email protected]
  Password: method10@10
Targets
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
.NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext