General

Target: hesaphareketi-01.exe
Size: 247KB
Sample: 230420-g3xplsga59
MD5: 24e006f0cce420cc01fc6ade4279ecab
SHA1: e0be21024f815bb98dc867146ab9eb57ef31a2d0
SHA256: 70309d9a9a6bcf60631bc111f5cc469e93833816754d5622a629653c18a92035
SHA512: 05d4ad5bf8ec1df368170ecd9b5c467de3e58a7699cd21ff3cc40b58e3600d53c64fd1bfb877c3fe7de8d3821a8aa7c6e8647061b74488fb566dfa24d6e8ae56
SSDEEP: 6144:2v/HQiKxAfyE6CXUvfShEz72bGS/sp2ZVPQyfGbQSUJm/n4:K/wiKMyE6CXUv0WsGgscrQyfGclJ
Tasks

Static task: static1
Behavioral task: behavioral1 (sample hesaphareketi-01.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample hesaphareketi-01.exe, resource win10v2004-20230220-en)
Malware Config

Extracted (family: agenttesla)
Protocol: smtp - Host: mail.redseatransportuae.com - Port: 587 - Username: [email protected] - Password: method10@10 - Email To: [email protected]

Extracted (second task, no Email To field recovered)
Protocol: smtp - Host: mail.redseatransportuae.com - Port: 587 - Username: [email protected] - Password: method10@10
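The extracted config above is the part of this report a responder acts on: the sample exfiltrates over SMTP to mail.redseatransportuae.com:587 using credentials embedded in the binary, so the host:port pair together with the abused account is the indicator, not the host alone (it is an ordinary mail server reached with stolen or attacker-owned credentials, and other traffic to it may be legitimate). The script below is an added example, not code from Hatching Triage or from the sample: it parses the one-line "Key: value - Key: value" config form, turns it into IOCs, verifies that a local copy of the file matches the hashes listed under General before anyone opens it, and scans constructed egress log lines (the key=value firewall format is an assumption) for flows to the exfil endpoint. The second extracted config, which lacks the Email To field, is handled as well.

```python
"""Turn the extracted AgentTesla config and the reported hashes into checks.

Added example for this report; not code from Hatching Triage or from the sample.
The config lines are the page's extracted configs joined into one line each; the
log lines and their key=value format are constructed for the example.
"""
import hashlib
import re

# Extracted config from this page in Triage's one-line "Key: value - Key: value" form.
CONFIG_LINE = (
    "Protocol: smtp - Host: mail.redseatransportuae.com - Port: 587 - "
    "Username: [email protected] - Password: method10@10 - "
    "Email To: [email protected]"
)
# Second extraction from the page (no Email To field recovered).
CONFIG_LINE_2 = (
    "Protocol: smtp - Host: mail.redseatransportuae.com - Port: 587 - "
    "Username: [email protected] - Password: method10@10"
)

# Digests reported for hesaphareketi-01.exe under General (SHA512/SSDEEP omitted here).
REPORTED_HASHES = {
    "md5": "24e006f0cce420cc01fc6ade4279ecab",
    "sha1": "e0be21024f815bb98dc867146ab9eb57ef31a2d0",
    "sha256": "70309d9a9a6bcf60631bc111f5cc469e93833816754d5622a629653c18a92035",
}


def parse_config(line):
    """Parse 'Key: value - Key: value ...' into a dict (keys lower-cased, spaces -> '_').

    Splits on ' - ' between fields and on the first ': ' inside a field, so a
    password containing ': ' survives; one containing ' - ' would not (check the
    raw config if the password field looks truncated).
    """
    cfg = {}
    for field in line.split(" - "):
        key, sep, value = field.partition(": ")
        if sep:
            cfg[key.strip().lower().replace(" ", "_")] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def iocs(cfg):
    """Indicators to hunt with: the exfil endpoint plus the abused mail account."""
    return {
        "smtp_endpoint": (cfg["host"], cfg["port"]),
        "smtp_account": cfg.get("username"),
        "recipient": cfg.get("email_to"),  # None for the second extraction
    }


def hashes_match(data, reported=REPORTED_HASHES):
    """Confirm a local copy of the sample is the one this report describes."""
    return {name: hashlib.new(name, data).hexdigest() == digest
            for name, digest in reported.items()}


# Constructed egress log lines in an assumed 'key=value' firewall format.
LOG_LINES = [
    "2023-04-20T08:11:02Z src=10.0.0.23 dst=mail.redseatransportuae.com dport=587 proto=tcp",
    "2023-04-20T08:11:05Z src=10.0.0.23 dst=ip-lookup.example dport=443 proto=tcp",
    "2023-04-20T08:12:40Z src=10.0.0.41 dst=mail.redseatransportuae.com dport=25 proto=tcp",
    "2023-04-20T08:13:01Z src=10.0.0.9 dst=smtp.example.net dport=587 proto=tcp",
]
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def find_exfil(lines, cfg):
    """Flag flows to the configured SMTP host; record whether the port also matches.

    A host hit on another port (e.g. 25) still deserves a look: the same server
    may be reached by a variant with a different port, or by legitimate mail.
    """
    host, port = cfg["host"].lower(), cfg["port"]
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and m["dst"].lower() == host:
            hits.append({"src": m["src"], "dport": int(m["dport"]),
                         "port_match": int(m["dport"]) == port, "line": line})
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_LINE)
    print(iocs(cfg))
    for hit in find_exfil(LOG_LINES, cfg):
        print("exfil" if hit["port_match"] else "same host, other port", hit["line"])
    print(hashes_match(b"not the real sample"))  # all False: constructed bytes, not the sample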
Targets

Target: hesaphareketi-01.exe (247KB; hashes as listed under General)

Signatures hit:
- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; the SMTP settings above are its exfiltration config.
- .NET Reactor protector: detects an executable protected by an unregistered version of Eziriz's .NET Reactor, consistent with a packed .NET payload.
- Accesses Microsoft Outlook profiles: reads stored mail-client profile data, consistent with the credential harvesting from mail clients that AgentTesla is known for.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so the lookup service's domain on its own is not a reliable indicator.
- Suspicious use of SetThreadContext: rewriting a thread's context is the final step of process hollowing / RunPE-style injection, where a suspended process's entry point is redirected into injected code.