General
-
Target
6228505d8b5589a8b844eb392624cca72715b7f57b997a641cdc3614d39260fd.exe
-
Size
713KB
-
Sample
231202-lbl61sbc76
-
MD5
b93651f3c0395fde4b9cdf16d78808a0
-
SHA1
f73862ace26b8d28bdf1e994ba8a55b1dda06334
-
SHA256
6228505d8b5589a8b844eb392624cca72715b7f57b997a641cdc3614d39260fd
-
SHA512
1c3b33c6528c63fdddc0847f5723f6d2130616e37d9cb4aab3206741545494bcee40b9d8b9e56d08d1a22e60855b28052aee2a06d85718987c59240a94f9dde8
-
SSDEEP
12288:drbwLijB6+6ODydZZ8ZEoIQJcf95AmBHseP2i9SQtZILwobADA:dnQ+6VLobc9umtseP2i9SQtZI31
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tecnosilos.com.py - Port:
587 - Username:
[email protected] - Password:
kOS;ST~,F3UX - Email To:
[email protected]
Targets
-
-
Target
6228505d8b5589a8b844eb392624cca72715b7f57b997a641cdc3614d39260fd.exe
-
Size
713KB
-
MD5
b93651f3c0395fde4b9cdf16d78808a0
-
SHA1
f73862ace26b8d28bdf1e994ba8a55b1dda06334
-
SHA256
6228505d8b5589a8b844eb392624cca72715b7f57b997a641cdc3614d39260fd
-
SHA512
1c3b33c6528c63fdddc0847f5723f6d2130616e37d9cb4aab3206741545494bcee40b9d8b9e56d08d1a22e60855b28052aee2a06d85718987c59240a94f9dde8
-
SSDEEP
12288:drbwLijB6+6ODydZZ8ZEoIQJcf95AmBHseP2i9SQtZILwobADA:dnQ+6VLobc9umtseP2i9SQtZI31
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-