General
-
Target
6646c4e3ca0575d05ec45ef1c36b241ff5f0fa8f16583a8f2ee7cd71135ea036
-
Size
946KB
-
Sample
231207-ch3b5sacg4
-
MD5
722b9c0b2401170906e72f7970890b18
-
SHA1
cffc47eb0b7bfd9c8837496d65138646e55b2b30
-
SHA256
6646c4e3ca0575d05ec45ef1c36b241ff5f0fa8f16583a8f2ee7cd71135ea036
-
SHA512
0d38924a00c708e680655997c1f3323b57c2e0859e56de0a7ae1a9e2687be670e2a9085eb0b546caa52730fb4339a4c2c4ce40389af04fe29b388ba73b90e37c
-
SSDEEP
24576:A4/uG2q8YKjmeMa55PuVyjcxYKJrasaBSJ1q:A4/uG2gKjmzCRugj2YKksaBj
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bezzleauto.com - Port:
587 - Username:
[email protected] - Password:
Kene123456789 - Email To:
[email protected]
Targets
-
-
Target
6646c4e3ca0575d05ec45ef1c36b241ff5f0fa8f16583a8f2ee7cd71135ea036
-
Size
946KB
-
MD5
722b9c0b2401170906e72f7970890b18
-
SHA1
cffc47eb0b7bfd9c8837496d65138646e55b2b30
-
SHA256
6646c4e3ca0575d05ec45ef1c36b241ff5f0fa8f16583a8f2ee7cd71135ea036
-
SHA512
0d38924a00c708e680655997c1f3323b57c2e0859e56de0a7ae1a9e2687be670e2a9085eb0b546caa52730fb4339a4c2c4ce40389af04fe29b388ba73b90e37c
-
SSDEEP
24576:A4/uG2q8YKjmeMa55PuVyjcxYKJrasaBSJ1q:A4/uG2gKjmzCRugj2YKksaBj
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-