General
-
Target
f8b5dcd1c184f861edfc7c29db1dd1ad495fdbcb3748f03c0880db211c3085dcexe.exe
-
Size
625KB
-
Sample
231205-wpy3vadf4z
-
MD5
fd449c40bc2b3d98e382da115c279ad2
-
SHA1
a3e5c9695f7c5545df0710e018cfff085ffaf7cd
-
SHA256
f8b5dcd1c184f861edfc7c29db1dd1ad495fdbcb3748f03c0880db211c3085dc
-
SHA512
e3da0fdd1372e910bbc05f1413f91a9574c3ec7c9d80b6430def9d43c533ebaf92e0f215146f5f7567fda0df6040aa2ad3518ae50731e642fb74bd6ab2c11153
-
SSDEEP
12288:r45+po2TPt2lDBxdSwzy9C1HWDn5c3a0agozg5gHYF90lQ4k6TfpP:q+pJLt2V3dSu1HWC3a0jyGTKk6TfpP
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mgsales.net - Port:
587 - Username:
[email protected] - Password:
.L&tA{$_f4+t - Email To:
[email protected]
Targets
-
-
Target
f8b5dcd1c184f861edfc7c29db1dd1ad495fdbcb3748f03c0880db211c3085dcexe.exe
-
Size
625KB
-
MD5
fd449c40bc2b3d98e382da115c279ad2
-
SHA1
a3e5c9695f7c5545df0710e018cfff085ffaf7cd
-
SHA256
f8b5dcd1c184f861edfc7c29db1dd1ad495fdbcb3748f03c0880db211c3085dc
-
SHA512
e3da0fdd1372e910bbc05f1413f91a9574c3ec7c9d80b6430def9d43c533ebaf92e0f215146f5f7567fda0df6040aa2ad3518ae50731e642fb74bd6ab2c11153
-
SSDEEP
12288:r45+po2TPt2lDBxdSwzy9C1HWDn5c3a0agozg5gHYF90lQ4k6TfpP:q+pJLt2V3dSu1HWC3a0jyGTKk6TfpP
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-