General
Target: 440531MES_S Quote.img
Size: 1.2MB
Sample: 231031-pp3mpsga5z
MD5: 6b643fbd1d3723b5bd5cf8b85bc295bd
SHA1: dc4ad2cceda607959525f1e9ce49fe465fa6f844
SHA256: 4982314ddcb94da26a478014d066102df3f269a313695faccd5de005be6f7fa4
SHA512: 169155b390e5b05e6b622c6062da95fe8ef5a1cdf94a0627bd32c240a88b466c431610cbba01a487f3849930dd080a24a0bbceb3cfc19a8a91d01feb0a36b85f
SSDEEP: 3072:/tDKW1LgppLRHMY0TBfJvjcTp5XJpv8xyfOssWHRJFk48:lDKW1Lgbdl0TBBvjc/Jax2XX
Static task: static1
Behavioral task: behavioral1
Sample: 440531ME.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: 440531ME.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.mbarieservicesltd.com
Port: 587
Username: [email protected]
Password: *o9H+18Q4%;M
Email To: [email protected]
Targets
Target: 440531ME.EXE
Size: 336KB
MD5: 5b52bce0cb4a92cad69ca0a71aa3f23e
SHA1: f5fee2fb303ed3995c2b3cd1646b2d1208b27e5d
SHA256: ed557334b0e85c886a31ce62976f593cb19c500e2cafa83dcc2a3b484ab86e18
SHA512: 9778b595d4698c3d64dd4b4ffc53377985b44d09017a7c3f5bbb2992dc7eb474d4d57c4392bb01a0c351b371539a3858a86ec7edeb2b41a659f9295ba07dc746
SSDEEP: 3072:qDKW1LgppLRHMY0TBfJvjcTp5XJpv8xyfOssWHRJFk48:qDKW1Lgbdl0TBBvjc/Jax2XX
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext