General
-
Target
DOCUMENT.exe
-
Size
606KB
-
Sample
230418-arzaqsad8w
-
MD5
3128bcb21dc35f5f8e3159d62f34b61c
-
SHA1
2cd611355066a62d3c6391321b253065cffacd8d
-
SHA256
ce095951b07d0d736318adaa328b7e063b4bc4ecc1253cc539962ce858aa5a94
-
SHA512
fee1db55aea6d8b13884b4a12d3a653b32be2f31c539f82b9e6c379b9fbaaea3dafef7d82d1c4ced5fdc63e3e5e685423f2ce7591f0d35749c78ff82a4358b16
-
SSDEEP
12288:89vI0pW48+hNknKT7GJejOtysczjLdhys//HzrgML3OEfKvajdC8QiGTfliadEI2:qo617GJrYvXLdhys3TrgMrOEff5C8QiT
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.expertsconsultgh.co - Port:
587 - Username:
[email protected] - Password:
Oppong.2012 - Email To:
[email protected]
Targets
-
-
Target
DOCUMENT.exe
-
Size
606KB
-
MD5
3128bcb21dc35f5f8e3159d62f34b61c
-
SHA1
2cd611355066a62d3c6391321b253065cffacd8d
-
SHA256
ce095951b07d0d736318adaa328b7e063b4bc4ecc1253cc539962ce858aa5a94
-
SHA512
fee1db55aea6d8b13884b4a12d3a653b32be2f31c539f82b9e6c379b9fbaaea3dafef7d82d1c4ced5fdc63e3e5e685423f2ce7591f0d35749c78ff82a4358b16
-
SSDEEP
12288:89vI0pW48+hNknKT7GJejOtysczjLdhys//HzrgML3OEfKvajdC8QiGTfliadEI2:qo617GJrYvXLdhys3TrgMrOEff5C8QiT
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-