General
-
Target
SecuriteInfo.com.Trojan.Inject4.59820.24882.29359.exe
-
Size
836KB
-
Sample
231114-z7wbfshd2s
-
MD5
f3b140dcd58be134e8bae5c824f122e4
-
SHA1
62b26d69cff580973e6062b239ff5ca0b7e62781
-
SHA256
8645bdb895457e08db9625bba8903490cecaad66c6cd3c0af3688afa60a425c1
-
SHA512
e6b5af964b172c767caa5d005735ebf24f86b5361b322ad621c8a97be2b1518bfcf69f5347106d210b425595eb250aeb8c4813730bb2375269bc2d4828ea49f9
-
SSDEEP
12288:YRUTV5nILpRNgjHzMQjA3lMhUS5x70f0lrP/D2tIcLRT8FN:DTV5nwL6jHQ3K80lzDsIORT
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mgsales.net - Port:
587 - Username:
[email protected] - Password:
.L&tA{$_f4+t - Email To:
[email protected]
Targets
-
-
Target
SecuriteInfo.com.Trojan.Inject4.59820.24882.29359.exe
-
Size
836KB
-
MD5
f3b140dcd58be134e8bae5c824f122e4
-
SHA1
62b26d69cff580973e6062b239ff5ca0b7e62781
-
SHA256
8645bdb895457e08db9625bba8903490cecaad66c6cd3c0af3688afa60a425c1
-
SHA512
e6b5af964b172c767caa5d005735ebf24f86b5361b322ad621c8a97be2b1518bfcf69f5347106d210b425595eb250aeb8c4813730bb2375269bc2d4828ea49f9
-
SSDEEP
12288:YRUTV5nILpRNgjHzMQjA3lMhUS5x70f0lrP/D2tIcLRT8FN:DTV5nwL6jHQ3K80lzDsIORT
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-