General
-
Target
Quote RQ102470.pdf.exe
-
Size
1.1MB
-
Sample
230615-ln6fesff36
-
MD5
832c205e98869a4743d66848d2e3c519
-
SHA1
6034be61cf10462fbf4c2ba8d0201a39315cba6f
-
SHA256
52a48aba16c96af863ce4324d72fcbcb5becbffe00606059bd1e5ade83cb2ee2
-
SHA512
abc257f257b6a4b04a63d2d548897d50bc1a70ea185499651f6d1a5ddbc82b2b02928ec0d644b0f1e89ecd9ad9f24410d844959bb15580efdfd6f2be279e1870
-
SSDEEP
12288:xo0ZKHdWaClVU1e/1/yMLHNmirb3FQqUCd2e5M1YFqTpEh1:xfZmX1e3zXrb1QqUCRqTp+
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
JUGCRsm9 - Email To:
[email protected]
Targets
-
-
Target
Quote RQ102470.pdf.exe
-
Size
1.1MB
-
MD5
832c205e98869a4743d66848d2e3c519
-
SHA1
6034be61cf10462fbf4c2ba8d0201a39315cba6f
-
SHA256
52a48aba16c96af863ce4324d72fcbcb5becbffe00606059bd1e5ade83cb2ee2
-
SHA512
abc257f257b6a4b04a63d2d548897d50bc1a70ea185499651f6d1a5ddbc82b2b02928ec0d644b0f1e89ecd9ad9f24410d844959bb15580efdfd6f2be279e1870
-
SSDEEP
12288:xo0ZKHdWaClVU1e/1/yMLHNmirb3FQqUCd2e5M1YFqTpEh1:xfZmX1e3zXrb1QqUCRqTp+
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-