General
- Target: PURCHASE ORDER.zip
- Size: 413KB
- Sample: 230606-radq5sea29
- MD5: 11cbe548a55455b43979fcc32744ea0e
- SHA1: a7f825fcd93f3dbad83198ea2227057129152bde
- SHA256: 0cc3029664a931cfb3c215fb3b946008af071d531de7a792ca07cc79572a789f
- SHA512: 3820fd02d69f053f4c29af047e28733bf3fd4ad6d507e54f0954a9f8853afed28f569b51d042940af3c7175cea4f784da0420a010ff77d3742827caa9671be48
- SSDEEP: 12288:Tg+ItmDJ4Y9mZyH+qHJ5uE6thF/LMfeDXa9sE1J:114CtzA1L4mk
Static task
- static1

Behavioral task
- behavioral1: sample PURCHASE ORDER.exe, resource win7-20230220-en
- behavioral2: sample PURCHASE ORDER.exe, resource win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: sarahfoils.com
- Port: 587
- Username: [email protected]
- Password: Scalatica01
- Email To: [email protected]

These values are the sample's exfiltration channel: the stealer authenticates to sarahfoils.com on port 587 with the username and password above and mails harvested data to the "Email To" address. The host, port and sender mailbox are the actionable network and mail-log indicators; the password is the actor's own mailbox credential and belongs in the case file, not in a blocklist. The two addresses appear as "[email protected]" in the extracted config and are kept as-is here.
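The following script is an added example and is not part of the sandbox report or of any analysis tooling: it parses the flattened config block above into a dictionary, derives the network indicators a defender would act on, and runs them over a handful of constructed SMTP-session log lines (the "key=value" log format, the IP addresses and the benign sessions are all made up for the example) to flag the session that matches this sample.

```python
"""Added example (not from the sandbox report): parse the extracted AgentTesla
SMTP config, derive IOCs from it, and match constructed SMTP log lines."""
import re

# The config block exactly as it is flattened on the page. The two
# "[email protected]" values are shown that way on the page and are kept unchanged.
REPORT_CONFIG = """Protocol: smtp- Host:
sarahfoils.com - Port:
587 - Username:
[email protected] - Password:
Scalatica01 - Email To:
[email protected]"""

_KEYS = r"Protocol|Host|Port|Username|Password|Email To"
# Each field is "Key: value" followed by an optional " - " separator and then
# either the next key or end of string. The stray "smtp-" after Protocol is
# absorbed by the optional '-' before the lookahead.
_FIELD = re.compile(rf"({_KEYS}):\s*(.*?)\s*-?\s*(?=(?:{_KEYS}):|$)")


def parse_config(text):
    """Parse the flattened 'Key: value - Key: value' run into a dict.

    Newlines are collapsed first because the page breaks values across lines.
    """
    flat = " ".join(text.split())
    return {k.lower().replace(" ", "_"): v for k, v in _FIELD.findall(flat)}


def indicators(cfg):
    """Network-level IOCs a defender can act on: the exfiltration mail server
    and port plus the sender and recipient mailboxes. The password is
    deliberately not emitted; it is evidence, not a detection key."""
    return {
        "smtp_server": cfg["host"],
        "smtp_port": int(cfg["port"]),
        "sender": cfg["username"],
        "recipient": cfg["email_to"],
    }


# Constructed log lines (not real telemetry) in a simple "key=value" SMTP-session
# format: a benign session to a corporate relay, one matching the sample's
# config, and one submission to port 587 on an unrelated server.
SAMPLE_LOG = """\
ts=2023-06-06T10:11:58Z src=10.0.0.15 dst=10.0.0.5 dport=25 server=mail.corp.example mailfrom=alice@corp.example rcptto=bob@corp.example
ts=2023-06-06T10:12:01Z src=10.0.0.15 dst=203.0.113.10 dport=587 server=sarahfoils.com mailfrom=[email protected] rcptto=[email protected]
ts=2023-06-06T10:12:07Z src=10.0.0.22 dst=198.51.100.7 dport=587 server=smtp.other.example mailfrom=carol@corp.example rcptto=dave@other.example
"""


def _kv(line):
    """Split one 'k=v k=v ...' log line into a dict (tokens without '=' are ignored)."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def find_exfil(cfg, log_text):
    """Return the log lines whose SMTP session matches the sample's config.

    A line matches when it targets the config's server on the config's port,
    or when the session sends as the config's sender mailbox (an actor may
    move the server but usually keeps the mailbox)."""
    ioc = indicators(cfg)
    hits = []
    for line in log_text.splitlines():
        f = _kv(line)
        if not f:
            continue
        same_server = (f.get("server", "").lower() == ioc["smtp_server"].lower()
                       and int(f.get("dport", 0)) == ioc["smtp_port"])
        same_sender = f.get("mailfrom", "").lower() == ioc["sender"].lower()
        if same_server or same_sender:
            hits.append(line)
    return hits


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(indicators(cfg))
    for hit in find_exfil(cfg, SAMPLE_LOG):
        print("EXFIL", hit)
```

The matcher keys on server-plus-port and on the sender mailbox separately, so a rebuilt sample pointing the same mailbox at a new relay still fires; the third constructed line shows that port 587 on its own is not treated as suspicious, since legitimate mail submission uses it too.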
Targets
- Target: PURCHASE ORDER.exe (the executable inside PURCHASE ORDER.zip)
- Size: 699KB
- MD5: c3577d14cda7504d8ceaa9ae26fbb70d
- SHA1: 0c79db2c4ca4f153d231a6378159675f9a111e0f
- SHA256: 1b3662e68c3970c3ad2c9cff4b034a88823e67c7da54842519ac8dfefd87a883
- SHA512: 7d0a253a8676dd04202c9e643e0c4debf48c68f6b26163b38bb6726e1855bb41af93b1dbb139eddda689413ff56bb2c4218238492a954fc03cf5e0fef071f868
- SSDEEP: 12288:shqGsDJiANmZk7wqHbjuEIxhF/vM16DXY9soO:s4N1imP/ahvQi
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this sample exfiltrates harvested data over SMTP using the configuration above.

Signatures
- Accesses Microsoft Outlook profiles: stored mail-client credentials are a standard Agent Tesla harvesting target, so the Outlook profile access is the credential-theft stage rather than incidental activity.
- Suspicious use of SetThreadContext: commonly associated with process hollowing, where the payload is written into a suspended process and the main thread's context is redirected to the injected code. When triaging on an endpoint, look for the final payload running inside a process whose on-disk image does not match its in-memory code.