General
-
Target
LZ_0378392893038_903883998___________________.XXE.zip
-
Size
623KB
-
Sample
240125-vwzghsbec4
-
MD5
178b1516bb79f82df1511b391cbf7670
-
SHA1
aaad7ccdcb3038850cbb1addc2c35bb9bd38deef
-
SHA256
966ddb584aa3b8d16396c83ca8f92eb5f112c0a7fa8ba5e885b8d2a071e09eac
-
SHA512
9449da21c035ad880c1ea9f09fed1ae1972af7ffc8b96a57296c0f3a06c23a9cb59ae7e5d6467d450be520f49abc860764867d4aeb9e30174c18f475d869f74d
-
SSDEEP
12288:LtRq5ppnfw7/r1JYNxoZEWJ8QgZ97XKtq5E2wAqu/QMJnRc2JnEENeDQPSIY0M:swP1JYQ78QO9jKQBF/Qgnm2JnOQ7M
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.worlorderbillions.top - Port:
587 - Username:
[email protected] - Password:
7ace90qwerty - Email To:
[email protected]
Targets
-
-
Target
LZ_0378392893038_903883998___________________.exe
-
Size
1.2MB
-
MD5
57871661c88f329a616146c49b61c18f
-
SHA1
c1bddb20bba99284864900a627180209f309a1a3
-
SHA256
3926e87c46de1b1637b022436f40375b9e0e7bfb0c5bc7ff4176ff9de208108a
-
SHA512
01fd4eb4f89d80f48837ee852c6ffae4b8e8f3e5b42ff0ce6af01ee11d1271c5a95f8ff25cbcaefd29417297927166eafe4e9b5af1380f2c29289a308604bd96
-
SSDEEP
24576:/AHnh+eWsN3skA4RV1Hom2KXMmHaee52JniQahz5:ih+ZkldoPK8YanwiQaD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Kinsing
Kinsing is a loader written in Golang.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-