General
- Target: da9d5306813cca469368878442ce8f00.bin
- Size: 13KB
- Sample: 231004-b9762age61
- MD5: da9d5306813cca469368878442ce8f00
- SHA1: b8536af8ee6a0e976ee2b6fa4817510378212a00
- SHA256: d2d27dd30f05423f9290493b04bdaceec3052b477e9e84f9ffdd81e4b3b8d1ed
- SHA512: c2bb1f6a52b06d9d29fa3c3b11ae264141556ca43a98851fe658edc40ab6ea92c36af20b6ef38b7b44f0f36b5c3192389ef703d1b4739ff70b54241490a24582
- SSDEEP: 384:yfG4TYLVtcY+eolwWR3SMDGwBljlIVjkrOTy6mhJ47lRy:yk+YdOl6NVjOky6CJuby
Static task: static1
Behavioral task: behavioral1
- Sample: 06b041ee542d3bfb8cf715ae24ddcf90690eb10bd907e720def9b95fcd2863bf.vbs
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: 06b041ee542d3bfb8cf715ae24ddcf90690eb10bd907e720def9b95fcd2863bf.vbs
- Resource: win10v2004-20230915-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.agrorecambios.com
- Port: 587
- Username: [email protected]
- Password: PabloAgrorecambios2022
- Email To: [email protected]
Targets
- Target: 06b041ee542d3bfb8cf715ae24ddcf90690eb10bd907e720def9b95fcd2863bf
- Size: 23KB
- MD5: ab103943971ec70f85355a29e31dee3b
- SHA1: 4c5508c99ce231f48d0be8b8cee943c4259316e0
- SHA256: 06b041ee542d3bfb8cf715ae24ddcf90690eb10bd907e720def9b95fcd2863bf
- SHA512: 79e4d40098fde5fe467d1b84dae7243ba1402de4f1455489b042f43210fa7b97643bc97c4e1a8dc4bc16ef96a5d11e12b181ad753db8e8c624382e87f142a693
- SSDEEP: 384:tDH9PoHrFUqTfYY/G6pNXI+icmCf1YoM5IZJu27PIZAKZFdDFbo2FEIqoHJDEwX:tD6HBtTfYY/icmCf1YoM27PVK/bwoHy+
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext