General
Target: SecuriteInfo.com.Trojan.PackedNET.2698.11030.8996.exe
Size: 687KB
Sample: 240222-vypebsch5s
MD5: 3431cb842330770cdcd77c7b18fb3825
SHA1: a2092b85970c2e60d0c697718516e8db18298608
SHA256: 23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64
SHA512: f4dfbf95ffd52b8d413ee92b9132361b2a5ccfce3650229ac2cc67d8c66ce23104e7133ef0424c5e53c88564add291a947659e12851ffa83898507b119e5f730
SSDEEP: 12288:ows/3P5Ujd53Llv+7UNJksS8xrmo3P2JBIBOV8vgmeS71Ovh:cBK5hTxrBv4S71s
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.PackedNET.2698.11030.8996.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.PackedNET.2698.11030.8996.exe
  Resource: win10v2004-20240221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.itresinc.com
Port: 587
Username: [email protected]
Password: MT]ANFjWzKTA
Email To: [email protected]
Targets
Target: SecuriteInfo.com.Trojan.PackedNET.2698.11030.8996.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext