General
-
Target
PO -173.exe
-
Size
1.2MB
-
Sample
231117-nc3w9sgh89
-
MD5
cf11d3a64d8ea9fd79db10cc83d71179
-
SHA1
6a6935eef567e89aeed45df1c4b353e142d06da0
-
SHA256
f8aa3880202328a119071117878db0c3b5dc03a5cae3cb16e00cd2353598a913
-
SHA512
0303cfad56585e073d5681055249147c67b0608949cf7578f300173e9913e1167f24fbc91c86a884efea171ea5aef86852bc63357c9824fba434f3c13666fca6
-
SSDEEP
24576:xKlE6nS1oQRNPjqD+xujqtTOD2+w1O15Yp4v+:wE6nS1oQRNOgujwOD3wQYq
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mayaklogistic.ru - Port:
587 - Username:
[email protected] - Password:
Tommy8118 - Email To:
[email protected]
Targets
-
-
Target
PO -173.exe
-
Size
1.2MB
-
MD5
cf11d3a64d8ea9fd79db10cc83d71179
-
SHA1
6a6935eef567e89aeed45df1c4b353e142d06da0
-
SHA256
f8aa3880202328a119071117878db0c3b5dc03a5cae3cb16e00cd2353598a913
-
SHA512
0303cfad56585e073d5681055249147c67b0608949cf7578f300173e9913e1167f24fbc91c86a884efea171ea5aef86852bc63357c9824fba434f3c13666fca6
-
SSDEEP
24576:xKlE6nS1oQRNPjqD+xujqtTOD2+w1O15Yp4v+:wE6nS1oQRNOgujwOD3wQYq
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-