General
-
Target
Quotation.exe
-
Size
1.9MB
-
Sample
230418-cc9t2aah4t
-
MD5
00d5dcb19a90dadbd1745763a99ebbf2
-
SHA1
bf97499d2f61ed803efd966d4f3da9e853cd895c
-
SHA256
c7a68e6f0e7d5582f9ca62149488f5b9c506b08d397a7e2c3e25547da16faeca
-
SHA512
5280a89bdfce94f8dd498ff8617c4f7bc591c7c350d112d3f36f213ad085fb894964d15b008e433bb8f4325ffb548bf88cd8ae3be4e202fdf6638659c38dbff3
-
SSDEEP
24576:3VHdjRZalZ+sBKUxqhD78uBz7Be628zyL4HBCmC76gwTiM+/7fThLwwVTpYMbCI6:lHdHNle8pB/PfSbtwYMww
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
azmlogistics.com - Port:
587 - Username:
[email protected] - Password:
Darvey365 - Email To:
[email protected]
Targets
-
-
Target
Quotation.exe
-
Size
1.9MB
-
MD5
00d5dcb19a90dadbd1745763a99ebbf2
-
SHA1
bf97499d2f61ed803efd966d4f3da9e853cd895c
-
SHA256
c7a68e6f0e7d5582f9ca62149488f5b9c506b08d397a7e2c3e25547da16faeca
-
SHA512
5280a89bdfce94f8dd498ff8617c4f7bc591c7c350d112d3f36f213ad085fb894964d15b008e433bb8f4325ffb548bf88cd8ae3be4e202fdf6638659c38dbff3
-
SSDEEP
24576:3VHdjRZalZ+sBKUxqhD78uBz7Be628zyL4HBCmC76gwTiM+/7fThLwwVTpYMbCI6:lHdHNle8pB/PfSbtwYMww
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-