General
-
Target
9046- PA118- SUPPLY & INSTALLATION OF EQUIPMENTS OILFIELD EQUIPMENTS & SUPPLY.pdf.exe
-
Size
621KB
-
Sample
231207-l6sx2shc38
-
MD5
b4ca199a24f89305f407c5a4cc5c0323
-
SHA1
37f01604cd3128de1a1525d33b538d21ebce3fbf
-
SHA256
c7d5597ac8ed4d56434f101e6fe02c9ef5482f36502fa5b4f764b52ea643a5da
-
SHA512
ad3445d71495eb6b713ca40a42f0951eeb17fbeba15d963022f6a7d7aecd9f74aaddd576b554107818e8eeb3c3a0580ba6f40bc79c1773c2079f8dda5ed0c2af
-
SSDEEP
12288:OueH5qkEjDtnG3Tu1Zg4BfiVTQmf/NCUiMiCt7xY0aGqLCQ:Cq73o3Tu1Zg40T9/NviCt7hHCC
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
JUGCRsm9 - Email To:
[email protected]
Targets
-
-
Target
9046- PA118- SUPPLY & INSTALLATION OF EQUIPMENTS OILFIELD EQUIPMENTS & SUPPLY.pdf.exe
-
Size
621KB
-
MD5
b4ca199a24f89305f407c5a4cc5c0323
-
SHA1
37f01604cd3128de1a1525d33b538d21ebce3fbf
-
SHA256
c7d5597ac8ed4d56434f101e6fe02c9ef5482f36502fa5b4f764b52ea643a5da
-
SHA512
ad3445d71495eb6b713ca40a42f0951eeb17fbeba15d963022f6a7d7aecd9f74aaddd576b554107818e8eeb3c3a0580ba6f40bc79c1773c2079f8dda5ed0c2af
-
SSDEEP
12288:OueH5qkEjDtnG3Tu1Zg4BfiVTQmf/NCUiMiCt7xY0aGqLCQ:Cq73o3Tu1Zg40T9/NviCt7hHCC
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-