General
-
Target
New Order 7003153933.exe
-
Size
51KB
-
Sample
240220-l6n9vsef81
-
MD5
368f4d63fb824f67656ac1fcb84b2d5c
-
SHA1
1f6156bf633a3a29602954d5bbf4ef885320dfc6
-
SHA256
9c1d9d9cf94affb2508f6d01c7ae3f1e8ffb73c0954fa73d42ff3fd0eff989b4
-
SHA512
c15c2be7e3ee398a0fe81f943a61a5890c632f4e793779324be5d7c1f583f7dabf6e3b7de49d34f2fdad7027bd5b53d0a918ec713b8896e08906757498b881f7
-
SSDEEP
1536:h9IHVDN6VxMBQNl96iBFbBwvZqKTLnPyWaLfG:h9I1PB0l9pevZqKTLPyWaLfG
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.piyushpharmachem.com - Port:
587 - Username:
[email protected] - Password:
trueview30! - Email To:
[email protected]
Targets
-
-
Target
New Order 7003153933.exe
-
Size
51KB
-
MD5
368f4d63fb824f67656ac1fcb84b2d5c
-
SHA1
1f6156bf633a3a29602954d5bbf4ef885320dfc6
-
SHA256
9c1d9d9cf94affb2508f6d01c7ae3f1e8ffb73c0954fa73d42ff3fd0eff989b4
-
SHA512
c15c2be7e3ee398a0fe81f943a61a5890c632f4e793779324be5d7c1f583f7dabf6e3b7de49d34f2fdad7027bd5b53d0a918ec713b8896e08906757498b881f7
-
SSDEEP
1536:h9IHVDN6VxMBQNl96iBFbBwvZqKTLnPyWaLfG:h9I1PB0l9pevZqKTLPyWaLfG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-