General
-
Target
NEAS.8f67179d79a41785161fd1f08dd5810b8f881d07da15fb7ada0d23b32bcaf63a.exe
-
Size
716KB
-
Sample
231202-l8l8aabf6x
-
MD5
30d7859cbe0504415ecbdf012841aea0
-
SHA1
c740b95d38199bc38f13e63fd9e9d684c8bf749f
-
SHA256
8f67179d79a41785161fd1f08dd5810b8f881d07da15fb7ada0d23b32bcaf63a
-
SHA512
bc5d7ef245f4cb74c7a2feb4d49d2bce26072054fcc66e97733915d477a36fa7f5f22ff409e13cd8e0d83a402103afff2ccf2dc0f271f8c83a06360b7167dc5f
-
SSDEEP
12288:MzBINsLzAGRGwf7tXJVpGD56uCStMq5FI1iapADDfdL35HgG6:wLLzgwDNJqJLN3FL3
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mgsales.net - Port:
587 - Username:
[email protected] - Password:
.L&tA{$_f4+t - Email To:
[email protected]
Targets
-
-
Target
NEAS.8f67179d79a41785161fd1f08dd5810b8f881d07da15fb7ada0d23b32bcaf63a.exe
-
Size
716KB
-
MD5
30d7859cbe0504415ecbdf012841aea0
-
SHA1
c740b95d38199bc38f13e63fd9e9d684c8bf749f
-
SHA256
8f67179d79a41785161fd1f08dd5810b8f881d07da15fb7ada0d23b32bcaf63a
-
SHA512
bc5d7ef245f4cb74c7a2feb4d49d2bce26072054fcc66e97733915d477a36fa7f5f22ff409e13cd8e0d83a402103afff2ccf2dc0f271f8c83a06360b7167dc5f
-
SSDEEP
12288:MzBINsLzAGRGwf7tXJVpGD56uCStMq5FI1iapADDfdL35HgG6:wLLzgwDNJqJLN3FL3
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-