General
-
Target
NEAS.6a1ef6c9c4a269735ad4093d064dd1c673c32bd24ebdcb8dd01c80d9e9e24876.exe
-
Size
676KB
-
Sample
231202-mdcwssbh5z
-
MD5
86c92625a06644590f8f93f6aa5669db
-
SHA1
eceab13ad2b687af069dd80a60f714dd345d019c
-
SHA256
6a1ef6c9c4a269735ad4093d064dd1c673c32bd24ebdcb8dd01c80d9e9e24876
-
SHA512
2f04e694216d52ee2ccab165067d14641993d1fc770736d8a813e8cdff82729e1eefc5e8945b6dfd65e9166ba227139b1c35c3742e3e56bcdd5f4392e3a5957d
-
SSDEEP
12288:4v26JAeIIn3gXWRadHKP5jaLEPkyndhv0x5blcAciPGK:G26JA4MW+KP5jaLEHndhvY53DG
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.iaa-airferight.com - Port:
587 - Username:
[email protected] - Password:
29ftOO+6H-ivsG5A - Email To:
[email protected]
Targets
-
-
Target
NEAS.6a1ef6c9c4a269735ad4093d064dd1c673c32bd24ebdcb8dd01c80d9e9e24876.exe
-
Size
676KB
-
MD5
86c92625a06644590f8f93f6aa5669db
-
SHA1
eceab13ad2b687af069dd80a60f714dd345d019c
-
SHA256
6a1ef6c9c4a269735ad4093d064dd1c673c32bd24ebdcb8dd01c80d9e9e24876
-
SHA512
2f04e694216d52ee2ccab165067d14641993d1fc770736d8a813e8cdff82729e1eefc5e8945b6dfd65e9166ba227139b1c35c3742e3e56bcdd5f4392e3a5957d
-
SSDEEP
12288:4v26JAeIIn3gXWRadHKP5jaLEPkyndhv0x5blcAciPGK:G26JA4MW+KP5jaLEHndhvY53DG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-