General
-
Target
1cbbef03f82222e64ba32d7834fc6d1718b5cdb7f2f9b90ccf7d0732a95615f6.exe
-
Size
623KB
-
Sample
231206-v3728sfh8v
-
MD5
6792914f626e95b78d80338f91d69a76
-
SHA1
5ef98a41fdba1c55d3dee519ecf7461e5293c747
-
SHA256
1cbbef03f82222e64ba32d7834fc6d1718b5cdb7f2f9b90ccf7d0732a95615f6
-
SHA512
2f49c3b92b5bb59764729891ad24c6ad2e82fd46cbcbeeceae052607ee9a2204ed51caf60e4d9849603749459fc8c0e098e4dd74378ef175b3e3124f44659ce8
-
SSDEEP
12288:cl5nF8B0dLfQYOrb1/f2VFNbtvDIKB58VgmPLr4dqrlbv:cltdTXOXN2NbRIKnPmHHhbv
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
JUGCRsm9 - Email To:
[email protected]
Targets
-
-
Target
1cbbef03f82222e64ba32d7834fc6d1718b5cdb7f2f9b90ccf7d0732a95615f6.exe
-
Size
623KB
-
MD5
6792914f626e95b78d80338f91d69a76
-
SHA1
5ef98a41fdba1c55d3dee519ecf7461e5293c747
-
SHA256
1cbbef03f82222e64ba32d7834fc6d1718b5cdb7f2f9b90ccf7d0732a95615f6
-
SHA512
2f49c3b92b5bb59764729891ad24c6ad2e82fd46cbcbeeceae052607ee9a2204ed51caf60e4d9849603749459fc8c0e098e4dd74378ef175b3e3124f44659ce8
-
SSDEEP
12288:cl5nF8B0dLfQYOrb1/f2VFNbtvDIKB58VgmPLr4dqrlbv:cltdTXOXN2NbRIKnPmHHhbv
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-