General
Target: JC_9a39959590ecc406a990782cfc8444671afd7de9ecf0ff6f1fee5656ab53fe08
Size: 344KB
Sample: 231012-skh92shh85
MD5: 586cbed1dc6173df9cb829144dcd5ddc
SHA1: c244b81cd33e05cd2c24b48bb4750f4616f91e2e
SHA256: 9a39959590ecc406a990782cfc8444671afd7de9ecf0ff6f1fee5656ab53fe08
SHA512: 7243205b01ac2d88fead1d3e2150fbe510c11cf3a44bda7071462e15150a46c9533008f649c5085d43ccd677fb90facfdadb09e70aa63f02f484ca7eeba7f829
SSDEEP: 6144:zkHmK23kaL/UYae5zqNXIs06daejOCGwmfvHjkzDmNkoj466nky05JznwZ7GyLKx:zXKy7LcahKIs063iw+HLkoj4nbI9wZ7W
Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION_SEPT9FIBA00541·PDF.scr
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: QUOTATION_SEPT9FIBA00541·PDF.scr
Resource: win10v2004-20230915-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: uikstcmljdzhturh
Email To: [email protected]
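The extracted SMTP configuration is the most directly actionable artefact in this report. The Python below is an added example, not part of the sandbox output: it parses the config either in the dash-separated, line-wrapped "Key: value - Key: value" string that sandbox front-ends emit for it or as one field per line, and then scores network-connection records against it, treating any process that is not a mail client reaching the exfil host on the exfil port as the stealer (or its hollowed host process) phoning home. The redacted address placeholders are kept as they appear on the page; the Sysmon-style event records, the process paths in them and the MAIL_CLIENTS allow-list are constructed for the example.

```python
"""Turn an AgentTesla SMTP exfil config into a hunt over network telemetry."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Config string in the wrapped, dash-separated form sandbox front-ends emit.
# Address local parts are redacted exactly as on the report page.
CONFIG_TEXT = """Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
uikstcmljdzhturh - Email To:
[email protected]"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_FIELD_ALT = "|".join(re.escape(f) for f in FIELDS)
# "<Field>: <value>", value running until the next "<Field>:" (with or without
# a " - " separator in front of it) or the end of the string.
FIELD_RE = re.compile(rf"({_FIELD_ALT}):\s*(.*?)\s*(?=(?:-\s*)?(?:{_FIELD_ALT}):|$)")


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the flattened or newline-separated config block."""
    flat = " ".join(text.split())  # rejoin wrapped lines into one string
    fields = dict(FIELD_RE.findall(flat))
    missing = [f for f in FIELDS if f not in fields]
    if missing:
        raise ValueError(f"config block missing {missing}")
    return SmtpExfilConfig(
        protocol=fields["Protocol"].lower(),
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
        email_to=fields["Email To"],
    )


# Processes that legitimately speak SMTP from a workstation; tune per estate.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon Event ID 3 style records, not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"Image": r"C:\Users\user\Downloads\QUOTATION_SEPT9FIBA00541·PDF.scr",
     "DestinationHostname": "smtp.yandex.com", "DestinationPort": 587},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "DestinationHostname": "smtp.yandex.com", "DestinationPort": 587},
    {"Image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
     "DestinationHostname": "smtp.yandex.com", "DestinationPort": 587},
]


def score_connection(event: dict, cfg: SmtpExfilConfig) -> Optional[str]:
    """Return 'high', 'low' or None for one network-connection event."""
    if event["DestinationHostname"].lower() != cfg.host:
        return None
    if int(event["DestinationPort"]) != cfg.port:
        return None
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    # A real mail client talking to the same provider is plausible on its own;
    # anything else speaking SMTP to the exfil host is the stealer, or the
    # process it was injected into, sending harvested credentials.
    return "low" if image in MAIL_CLIENTS else "high"


def find_exfil_connections(events: List[dict],
                           cfg: SmtpExfilConfig) -> List[Tuple[str, str]]:
    """Return (severity, image) for every event matching the exfil config."""
    hits = []
    for ev in events:
        sev = score_connection(ev, cfg)
        if sev:
            hits.append((sev, ev["Image"]))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(f"exfil endpoint: {cfg.protocol}://{cfg.host}:{cfg.port} as {cfg.username}")
    for sev, image in find_exfil_connections(SAMPLE_EVENTS, cfg):
        print(f"[{sev}] {image}")
```

The host and port alone are a weak indicator, since smtp.yandex.com is a public mail service, so the process context does the discriminating work; in an estate that does not use Yandex mail at all the "low" tier can simply be promoted. The SMTP username, once un-redacted, is the stronger pivot: it is the actor's collection mailbox and will recur across other builds of the same campaign.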
Targets
Target: QUOTATION_SEPT9FIBA00541·PDF.scr
Size: 378KB
MD5: 404e68a96892ecfcb88a114e31abb55c
SHA1: 01db0f21268b21aeeced4445220c1ab38aa74913
SHA256: 4a564bf525a47e450c43e6dfa9bc9de4395e6dfb9707d1682f88dc86046e69a0
SHA512: 792847baef149cfb80bb48f6c83ee5b811c85f1b4ec833edd988911694b890c82e5db4b9b3410f195d0a7fd3414c7ad31d7b382faafbc3953cc604845568b93e
SSDEEP: 6144:X6vT/BZdLJXklw6HoG41k4uwJLeDeQv1W3sUcRdQBzUgOhbybIlIEpuS8Y7:qvbBZZUHoZk8Yp1W3jcRjgOhebr48Y
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over a channel chosen at build time (SMTP, FTP or HTTP); this build uses SMTP, as the extracted config shows.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain locales).
Accesses Microsoft Outlook profiles
Reads the Outlook account settings stored in the registry, where mail-client credentials are kept; consistent with the stealer's credential-harvesting stage.
Suspicious use of SetThreadContext
Setting the context of a thread in another process is the step in process hollowing where a suspended child's entry point is redirected into injected code; treat it as a strong code-injection indicator and inspect the child process the payload ran in.