General
-
Target
NEAS.5aac8b2725bf21c389e686ec7121398627e7395d939a495b7417d86c87edb085.unknown
-
Size
1.4MB
-
Sample
231202-mf51csca88
-
MD5
02277508d7880f541defc8a818df2e70
-
SHA1
9ecebc9d41b18bf69a2dc91a63176c9b565b6349
-
SHA256
5aac8b2725bf21c389e686ec7121398627e7395d939a495b7417d86c87edb085
-
SHA512
cf6b06d7250e1f096c5e237b40d77be48e2304ece027d3a4aad0c9abf134cbfb40f627cf0f0f0419499d3315d1f8da959c4a8e88d5383a54eee8b423d9d4ab7d
-
SSDEEP
12288:SqIiVBOU0/NDKY/HIcffUTeOXbDnoF+Ix/9Xu2X0kjnuMWvKeEDNy:dBL0/VKY/rffUqi3oFN9RX0OeK
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.mailo.com - Port:
587 - Username:
[email protected] - Password:
Jesus234 - Email To:
[email protected]
Targets
-
-
Target
SHIPPING.EXE
-
Size
812KB
-
MD5
48535d05de459d0082d7c5d48981ab72
-
SHA1
64a044e111c5f3ca7f15d160a882960a9bca08d1
-
SHA256
d1498adfb3436e71220897f1a4903698f08aac33a4b846de49b05fe76a27f01e
-
SHA512
649af45d7dc4a1887fc9d08633aa6a6468fa060b2c44782bac818d231e36d38baf92ff32f89dd3affe4d7729ba20ef67db7f10ca256bab6773634a4779904b31
-
SSDEEP
12288:vqIiVBOU0/NDKY/HIcffUTeOXbDnoF+Ix/9Xu2X0kjnuMWvKeEDNy:yBL0/VKY/rffUqi3oFN9RX0OeK
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-