General
-
Target
bc2b81ee5871a2af529ba6d695e656c6.exe
-
Size
1.2MB
-
Sample
240125-eshftsfhb2
-
MD5
bc2b81ee5871a2af529ba6d695e656c6
-
SHA1
cd37ac6d57bf10ec32359b2c842289d1df784d25
-
SHA256
1c27a36f09916fc04a5b43b2a7a0869d62e31d5c28a315257caf661b428fe221
-
SHA512
5fe1369f36afdb6eeb3dd27461b7a58ffaea6bfd2efab925407f273fac9c58fd55086a8ea55d72b8b4a5834ed2e109939c1768c1ac2b3bff4e76d31b7ece3266
-
SSDEEP
24576:PAHnh+eWsN3skA4RV1Hom2KXMmHar3koY7memfo5:yh+ZkldoPK8YarUoY7meH
Malware Config
Extracted
Protocol: smtp- Host:
mymobileorder.com - Port:
587 - Username:
[email protected] - Password:
Grace@2023@121
Extracted
agenttesla
Protocol: smtp- Host:
mymobileorder.com - Port:
587 - Username:
[email protected] - Password:
Grace@2023@121 - Email To:
[email protected]
Targets
-
-
Target
bc2b81ee5871a2af529ba6d695e656c6.exe
-
Size
1.2MB
-
MD5
bc2b81ee5871a2af529ba6d695e656c6
-
SHA1
cd37ac6d57bf10ec32359b2c842289d1df784d25
-
SHA256
1c27a36f09916fc04a5b43b2a7a0869d62e31d5c28a315257caf661b428fe221
-
SHA512
5fe1369f36afdb6eeb3dd27461b7a58ffaea6bfd2efab925407f273fac9c58fd55086a8ea55d72b8b4a5834ed2e109939c1768c1ac2b3bff4e76d31b7ece3266
-
SSDEEP
24576:PAHnh+eWsN3skA4RV1Hom2KXMmHar3koY7memfo5:yh+ZkldoPK8YarUoY7meH
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-