General
-
Target
cfb407859f4a0d1724464417c7b194f45f0ca3c20b74db7c0924f9671822b1d2
-
Size
733KB
-
Sample
231202-ccrcpahd2v
-
MD5
15fe8935c849629c00129ef7abc6c715
-
SHA1
7eccbcc72ef905192af85ed34cf942414e14ae0e
-
SHA256
cfb407859f4a0d1724464417c7b194f45f0ca3c20b74db7c0924f9671822b1d2
-
SHA512
9a7e5eeb72c38adeeb5d41fc1798cb80b1d7e541c86e1eb062a70690acf5d4f21295576f12bd7dbac6bf6426762e990f8f94f83fbe45abf2a89c59f527c8d1c4
-
SSDEEP
12288:6vSIlGl/53Q0ZFasAVDPhgO2oSP8ATIjnqdFycVoQXtm2:6vE55es2PEP8KCnuFyc+QXI
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.trisquarespl.com - Port:
587 - Username:
[email protected] - Password:
vphYSHb*2 - Email To:
[email protected]
Targets
-
-
Target
cfb407859f4a0d1724464417c7b194f45f0ca3c20b74db7c0924f9671822b1d2
-
Size
733KB
-
MD5
15fe8935c849629c00129ef7abc6c715
-
SHA1
7eccbcc72ef905192af85ed34cf942414e14ae0e
-
SHA256
cfb407859f4a0d1724464417c7b194f45f0ca3c20b74db7c0924f9671822b1d2
-
SHA512
9a7e5eeb72c38adeeb5d41fc1798cb80b1d7e541c86e1eb062a70690acf5d4f21295576f12bd7dbac6bf6426762e990f8f94f83fbe45abf2a89c59f527c8d1c4
-
SSDEEP
12288:6vSIlGl/53Q0ZFasAVDPhgO2oSP8ATIjnqdFycVoQXtm2:6vE55es2PEP8KCnuFyc+QXI
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-