General
Target: 23f80d25764ed88a56ff93ad71c123ad83a5877ec6aeb47241f19d84625dc8f3
Size: 967KB
Sample: 231123-b6x7nagb8w
MD5: 5457b522450d6dd05d59f4f6853d3268
SHA1: 5c86f97bacf6cd52b15393a1fb6f2b30cebbb4db
SHA256: 23f80d25764ed88a56ff93ad71c123ad83a5877ec6aeb47241f19d84625dc8f3
SHA512: 70200463497a87c888b73abcd692082c792cfad0560c36374e84ca7273d2b3e83b03fcae91b6f67a45dc214fea58c50d8d8a20bdefde56a05167fa5c31e01595
SSDEEP: 24576:yQp0mrZRfXwcYLDEfCfcrM1KmifPnrEHQUTOqofIlhChgdgmj:yQp08rXwcYLYfiNS3nrQQUT7ofIlohsB
Static task: static1
Behavioral task: behavioral1
Sample: 23f80d25764ed88a56ff93ad71c123ad83a5877ec6aeb47241f19d84625dc8f3.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: 23f80d25764ed88a56ff93ad71c123ad83a5877ec6aeb47241f19d84625dc8f3.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bezzleauto.com
Port: 587
Username: [email protected]
Password: kex#-rHjHM4qKk52
Email To: [email protected]
Targets
Target: 23f80d25764ed88a56ff93ad71c123ad83a5877ec6aeb47241f19d84625dc8f3
Size: 967KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext