General
-
Target
QUOTATIONOCT9FIBA00541PDFscr_JC.exe
-
Size
952KB
-
Sample
231005-wlz6qsff58
-
MD5
44f557148b5aea457eb6720892a7a5c8
-
SHA1
20de9ce80d4d194cd77a9e0f4ec2e9b23f5f3994
-
SHA256
5a5405a59ac1371bf62ee9599b29bed6e7ee8e11f7319c6ff7d5900963900e3f
-
SHA512
8c504d664212be64386836e03e6abed289a444b58c9a9ac2eedb2dc40b301bdf1f0ef5380dffeb8bf1d4570bf66fab3c37e78564ff530bbfecc35985da020b27
-
SSDEEP
12288:rafxt/rzVrkMxtIesnLRgieG16k3lsfZXOWdX/pZ1kfmg:upt/rzVrkMDIfyiJ1d3liZXO+mf
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
gator3220.hostgator.com - Port:
587 - Username:
[email protected] - Password:
PD#Hmarr#597r%@@ - Email To:
[email protected]
Targets
-
-
Target
QUOTATIONOCT9FIBA00541PDFscr_JC.exe
-
Size
952KB
-
MD5
44f557148b5aea457eb6720892a7a5c8
-
SHA1
20de9ce80d4d194cd77a9e0f4ec2e9b23f5f3994
-
SHA256
5a5405a59ac1371bf62ee9599b29bed6e7ee8e11f7319c6ff7d5900963900e3f
-
SHA512
8c504d664212be64386836e03e6abed289a444b58c9a9ac2eedb2dc40b301bdf1f0ef5380dffeb8bf1d4570bf66fab3c37e78564ff530bbfecc35985da020b27
-
SSDEEP
12288:rafxt/rzVrkMxtIesnLRgieG16k3lsfZXOWdX/pZ1kfmg:upt/rzVrkMDIfyiJ1d3liZXO+mf
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-