General
-
Target
a212cb057ef247f50d13b60031f5ef2527f1d86c79628a7d3d8bc328cbe1ccf6exe.exe
-
Size
565KB
-
Sample
231207-x3twqafh6s
-
MD5
e45e292ee1302005225b8ee245018cc8
-
SHA1
5dd2b9ee3d84b40e7d4aecc5cc068367729e88ea
-
SHA256
a212cb057ef247f50d13b60031f5ef2527f1d86c79628a7d3d8bc328cbe1ccf6
-
SHA512
a3d6cc6975682344ba35345a19df338ef753055ab3be22f6687c7a090846d980af98dcee76741134ddb82e09b2c48df9d11d1e66bfee6e10d710c146e679621b
-
SSDEEP
12288:h2AQaueH5q8IDUKiAhTM1cJ3lfi5EIKqi+6u4UXrcbyyEAo:h2EqxDXhTM+xlLIpiM4UQ9E
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.adityagroup.co - Port:
587 - Username:
[email protected] - Password:
Aditya!@#$%^ - Email To:
[email protected]
Targets
-
-
Target
a212cb057ef247f50d13b60031f5ef2527f1d86c79628a7d3d8bc328cbe1ccf6exe.exe
-
Size
565KB
-
MD5
e45e292ee1302005225b8ee245018cc8
-
SHA1
5dd2b9ee3d84b40e7d4aecc5cc068367729e88ea
-
SHA256
a212cb057ef247f50d13b60031f5ef2527f1d86c79628a7d3d8bc328cbe1ccf6
-
SHA512
a3d6cc6975682344ba35345a19df338ef753055ab3be22f6687c7a090846d980af98dcee76741134ddb82e09b2c48df9d11d1e66bfee6e10d710c146e679621b
-
SSDEEP
12288:h2AQaueH5q8IDUKiAhTM1cJ3lfi5EIKqi+6u4UXrcbyyEAo:h2EqxDXhTM+xlLIpiM4UQ9E
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-