General
-
Target
NEAS.4e4d31c038b40c4267f2757def2a94a87d47f934b265cfe2b298274751a1ea48exe_JC.exe
-
Size
760KB
-
Sample
231007-v3xlhage29
-
MD5
f645c39596545a4c9ff1fae2c1df4719
-
SHA1
dbc148ff48b1d524ab5d65d87701c53e25a448b9
-
SHA256
4e4d31c038b40c4267f2757def2a94a87d47f934b265cfe2b298274751a1ea48
-
SHA512
0f97e798b68ecc4df9f0196596a7096893e0062202f44d0f3772fe2f316238444ceb511ad2143ca45f284c30a7a281acd1879d60f7b8750754a852d8947c1e34
-
SSDEEP
12288:jYj4k4yJu5zM85pm/Fb55Jnz4YlBEMO+kfrg+dWC9OTxtq:xhyJu5zL5pGxnz4eWrE+gC42
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
server1.sqsendy.shop - Port:
587 - Username:
[email protected] - Password:
}_#Y{Eu)2qWJ - Email To:
[email protected]
Targets
-
-
Target
NEAS.4e4d31c038b40c4267f2757def2a94a87d47f934b265cfe2b298274751a1ea48exe_JC.exe
-
Size
760KB
-
MD5
f645c39596545a4c9ff1fae2c1df4719
-
SHA1
dbc148ff48b1d524ab5d65d87701c53e25a448b9
-
SHA256
4e4d31c038b40c4267f2757def2a94a87d47f934b265cfe2b298274751a1ea48
-
SHA512
0f97e798b68ecc4df9f0196596a7096893e0062202f44d0f3772fe2f316238444ceb511ad2143ca45f284c30a7a281acd1879d60f7b8750754a852d8947c1e34
-
SSDEEP
12288:jYj4k4yJu5zM85pm/Fb55Jnz4YlBEMO+kfrg+dWC9OTxtq:xhyJu5zL5pGxnz4eWrE+gC42
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-