General
- Target: Hesap_Hareketleri_04092023,xlsx.exe
- Size: 47KB
- Sample: 230904-tvl95ahf92
- MD5: 099e6218c08eea9198712af428da69f4
- SHA1: d00988f1a2ef6e3d3a91cab53c031299ec0e73fd
- SHA256: b32e1ee31d9c56516ef6bfe986e6fc61fc3ea163af41d5d9f8afa5757c7f8f52
- SHA512: 61ce6a47a6613ddb808c43cda0c2abd9ce5a98e9066afa6b4a94733c04001d2edccbb589a273fd3c5358de3c8ea20479b31542601bb61d7d0efeac4998bf6e4e
- SSDEEP: 768:oGJj7IwcXjM38REsoGpGf6OX2IGmqbMYcEmUvusiYNvWUSt6:oW7eM3CEF/7GmqbMY7usiY9hk6
Static task: static1
Behavioral task: behavioral1
- Sample: Hesap_Hareketleri_04092023,xlsx.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: Hesap_Hareketleri_04092023,xlsx.exe
- Resource: win10v2004-20230831-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.esaotomasyon.com
- Port: 587
- Username: [email protected]
- Password: IN3s40t0m4SY0n
- Email To: [email protected]
Targets
- Target: Hesap_Hareketleri_04092023,xlsx.exe
- Size: 47KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext