General
-
Target
Telex Release BL for 4704854 4665930.ARJ
-
Size
446KB
-
Sample
230609-ts2xssde3t
-
MD5
5af24fc7f1fc2c55d515b0fdd11a9594
-
SHA1
bab00e73497de8af1b474a9006b24958fd69b12f
-
SHA256
c86b63c5c7cf3ff83175f60511151fbc993d42566f1bc38cabffd15719a14e59
-
SHA512
0f01691fccc0ec7e04dad5819a2f649c1dd8fdc14e99ebf84647818266fd648d749cf578737772b9598aaab0d48117c5c5a2e3fd486d9232caf67e0c742848a5
-
SSDEEP
6144:b1rsyT/ZE2opEMgRHXx6y8IlyjbDEY/RV+gj3Mq/kHG6pTmbFLuRJauY7v+tUlOA:p7/22oqMglXgy8iYX53Mq//6sFiKuYFb
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.sorincrop.com - Port:
587 - Username:
rck9897@sorincrop.com - Password:
blessing202321@!$%btr - Email To:
vinod@sorincrop.com
Targets
-
-
Target
Telex Release BL for 4704854 4665930.exe
-
Size
836KB
-
MD5
4ef95506966ec368bb5fef61b734eab0
-
SHA1
b90a7bc656193221a4365ccd97fef88f1927d0a3
-
SHA256
c45219a3fd0cf51360c30b7aa0cba985ad1d28030785ab9dc5083090540409d8
-
SHA512
bca2b6102ab7bf54421fa7a208b952d0d15f78e9712cf779c8d30da73b9fcc64f6e01d99784f6425a1dd358b54502eff3e5b60f49def584cd3d9ac6fc3f04b3c
-
SSDEEP
12288:Jh78U1wr+DKIE+oBYFqdhshvZnCP+GREixvgOD:JhDT+p+IEvs3REilgG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-