General
-
Target
5b7713b5af376ac7e9766a3efbae0288fba17c8599ba9c2149d78d5e67eabc7e_JC.exe
-
Size
997KB
-
Sample
231012-s45mdsbe59
-
MD5
0d3ea97b20b9713ac80d8d56e1697f7f
-
SHA1
914d6b85b08b298893cbda80bb34bb3df0c6cf09
-
SHA256
5b7713b5af376ac7e9766a3efbae0288fba17c8599ba9c2149d78d5e67eabc7e
-
SHA512
4675d4e4e0f402ce436ffc7eee9902daee70ea3a83b3c3f71c36b84c862c9844a978f173b2189ef0d400b624bd5e35b503b55fab0e7f8b30e2df2e74459cdcef
-
SSDEEP
24576:KVSlsS/ohNdsr6RMDTivaj1vWXY56f4led9B1mo77p4hQD/:K40MysvqYsAled9Bp7tgE
Static task
static1
Behavioral task
behavioral1
Sample
5b7713b5af376ac7e9766a3efbae0288fba17c8599ba9c2149d78d5e67eabc7e_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
5b7713b5af376ac7e9766a3efbae0288fba17c8599ba9c2149d78d5e67eabc7e_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.mbarieservicesltd.com
- Port: 587
- Username: [email protected]
- Password: *o9H+18Q4%;M
- Email To: [email protected]
Targets
-
-
Target
5b7713b5af376ac7e9766a3efbae0288fba17c8599ba9c2149d78d5e67eabc7e_JC.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-