General
-
Target
Po- Order 98540-00..exe
-
Size
736KB
-
Sample
231211-qrzjhafgar
-
MD5
2cf92861a9c618b09f22953f6edb73ef
-
SHA1
3086128a86938e89cbb58ebe364229ef7eb7f5b0
-
SHA256
c603271f1321b7edd2268827c0188b79dfb7847e85b128e47d7101602664ed4b
-
SHA512
462b056d7722d891d1c82a3840fe4e36d2261bec1dbd93a9d21b50866988d55c1fb0fcb342573e4281e4ee1f1081408f44a86e2d23b51064c823607e187e75cc
-
SSDEEP
12288:HLHqc3+GSueH5qvF8VUR5QghHs3I5ZR2eEkWooDNvUAu6p2sQJUGg7ombj/+9g5o:D/uGGqvLDvfDdWooDNHXWQsgFod
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.sachingandhiarchitects.com - Port:
587 - Username:
[email protected] - Password:
devi060911 - Email To:
[email protected]
Targets
-
-
Target
Po- Order 98540-00..exe
-
Size
736KB
-
MD5
2cf92861a9c618b09f22953f6edb73ef
-
SHA1
3086128a86938e89cbb58ebe364229ef7eb7f5b0
-
SHA256
c603271f1321b7edd2268827c0188b79dfb7847e85b128e47d7101602664ed4b
-
SHA512
462b056d7722d891d1c82a3840fe4e36d2261bec1dbd93a9d21b50866988d55c1fb0fcb342573e4281e4ee1f1081408f44a86e2d23b51064c823607e187e75cc
-
SSDEEP
12288:HLHqc3+GSueH5qvF8VUR5QghHs3I5ZR2eEkWooDNvUAu6p2sQJUGg7ombj/+9g5o:D/uGGqvLDvfDdWooDNHXWQsgFod
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-