General
-
Target
079df1e8aa1e77f3fa405d6ce7676c23.exe
-
Size
895KB
-
Sample
231002-xal1eadg7w
-
MD5
079df1e8aa1e77f3fa405d6ce7676c23
-
SHA1
1f3035e7cb9d9db4fa5368514590867e3bb2f378
-
SHA256
df774735101598c4f9d0a16833802218a4fd7c265c9f07ddb6964393eb937c20
-
SHA512
060f6d56856d2251b8d7c14b88564822e463b57f3ab0a9cd04f34e0766fbc675d2e4145234d2cf53cc919c05f2765f1c1a176893ea73cee94a3c20d3df7b48c3
-
SSDEEP
12288:gmpjS/B1Ki4flKfdIAAyilp3ye9D9JIKEDf9lGy7ncWT:gIS/B1KJNKfIyiGcmKnGnBT
Static task
static1
Behavioral task
behavioral1
Sample
079df1e8aa1e77f3fa405d6ce7676c23.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
079df1e8aa1e77f3fa405d6ce7676c23.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: server1.sqsendy.shop
Port: 587
Username: [email protected]
Password: }_#Y{Eu)2qWJ
Email To: [email protected]
Targets
-
Target
079df1e8aa1e77f3fa405d6ce7676c23.exe
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; builds in both C# and Visual Basic .NET are seen in the wild.
-
Accesses Microsoft Outlook profiles
Reads stored Outlook account settings, consistent with Agent Tesla's theft of mail-client credentials.
-
Adds Run key to start application
Writes a registry Run key so the payload is relaunched at user logon.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Rewriting another thread's context is the step in process hollowing that redirects a suspended process to injected code.
-
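The extracted SMTP configuration and the external-IP-lookup signature above are directly usable as hunt logic. The following is an added example, not part of the sandbox report or of Agent Tesla itself: it takes the exfiltration host, port and sample hash from the report, runs them over constructed EDR-style network events, and also checks for the report's observed sequence (IP lookup followed by SMTP submission from the same process), which generalizes beyond the one exfiltration host. The IP-lookup hostnames are an assumption, since the report does not name which service the sample contacted.

```python
"""Turn the sandbox report's extracted AgentTesla config into hunt logic.

Added example; not the report's or the malware's code. The network events
below are constructed, and the IP-lookup hostnames are common services used
by many stealers (assumption: the report does not name the one contacted).
"""
import hashlib
import re
from dataclasses import dataclass

# Values taken from the report's "Malware Config" section.
AGENTTESLA_CONFIG = {
    "protocol": "smtp",
    "host": "server1.sqsendy.shop",
    "port": 587,
}
SAMPLE_SHA256 = "df774735101598c4f9d0a16833802218a4fd7c265c9f07ddb6964393eb937c20"

# Assumption: typical external-IP lookup services; the report only says
# "a legitimate IP lookup service" without naming it.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}


@dataclass
class Finding:
    rule: str
    line: str


# Constructed events in the shape "<ts> <pid> <proto> <dst_host>:<dst_port>".
SAMPLE_LOG = """\
2023-10-02T10:00:01Z 4120 tcp api.ipify.org:80
2023-10-02T10:00:02Z 4120 tcp server1.sqsendy.shop:587
2023-10-02T10:00:03Z 880 tcp update.microsoft.com:443
2023-10-02T10:00:04Z 4120 tcp smtp.gmail.com:587
"""

LINE_RE = re.compile(r"^(\S+) (\d+) (\w+) ([^:\s]+):(\d+)$")


def parse_event(line):
    """Parse one event line; return None for lines that do not match the shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, pid, proto, host, port = m.groups()
    return {"ts": ts, "pid": int(pid), "proto": proto, "host": host.lower(), "port": int(port)}


def hunt(log_text, config=AGENTTESLA_CONFIG):
    """Flag connections to the extracted exfil host:port and to IP-lookup services."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["host"] == config["host"] and ev["port"] == config["port"]:
            findings.append(Finding("agenttesla_smtp_exfil", line))
        elif ev["host"] in IP_LOOKUP_HOSTS:
            findings.append(Finding("external_ip_lookup", line))
    return findings


def pid_sequence_suspicious(log_text, config=AGENTTESLA_CONFIG):
    """True when one PID performs an IP lookup and later submits mail on the
    configured port to any host: the report's observed combination, and a
    stronger signal than either event on its own."""
    seen_lookup = set()
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["host"] in IP_LOOKUP_HOSTS:
            seen_lookup.add(ev["pid"])
        elif ev["port"] == config["port"] and ev["pid"] in seen_lookup:
            return True
    return False


def matches_sample(path_or_bytes):
    """Compare a file (path) or raw bytes against the report's SHA256."""
    if isinstance(path_or_bytes, bytes):
        data = path_or_bytes
    else:
        with open(path_or_bytes, "rb") as fh:
            data = fh.read()
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f.rule}: {f.line}")
    print("lookup-then-smtp sequence:", pid_sequence_suspicious(SAMPLE_LOG))
```

The host/port match is the narrow, high-confidence rule tied to this sample; the per-PID sequence check is the broader one, and in a real deployment it should exclude legitimate mail clients by process name before alerting.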