General
-
Target
152759e42a2cd468ce9b2ef9f7197da664f8ff20e28c641cc9c8f2a8a989bef6
-
Size
660KB
-
Sample
240225-brastahf29
-
MD5
691a00844e54375c6c0bf547dee09bac
-
SHA1
ea6c417484b4f7fb88167a4668d06597a2feff08
-
SHA256
152759e42a2cd468ce9b2ef9f7197da664f8ff20e28c641cc9c8f2a8a989bef6
-
SHA512
9f78ebc338332526d65ca47294b4a95e540b108021873dfbd3f50e2bed7bcb49798923c1d4480509713b20c15f0686d7cd3a27f69ff98151e0e86e44f2cc5c20
-
SSDEEP
12288:cvUu55gYThItoKQzNnqHD6VYyKXvBRM2fpFZAg8lFaHZs:uUc5wtoKQp2D6VYZXJRTRFT3Hq
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.wasstech.com - Port:
587 - Username:
[email protected] - Password:
Sunray2700@@ - Email To:
[email protected]
Targets
-
-
Target
152759e42a2cd468ce9b2ef9f7197da664f8ff20e28c641cc9c8f2a8a989bef6
-
Size
660KB
-
MD5
691a00844e54375c6c0bf547dee09bac
-
SHA1
ea6c417484b4f7fb88167a4668d06597a2feff08
-
SHA256
152759e42a2cd468ce9b2ef9f7197da664f8ff20e28c641cc9c8f2a8a989bef6
-
SHA512
9f78ebc338332526d65ca47294b4a95e540b108021873dfbd3f50e2bed7bcb49798923c1d4480509713b20c15f0686d7cd3a27f69ff98151e0e86e44f2cc5c20
-
SSDEEP
12288:cvUu55gYThItoKQzNnqHD6VYyKXvBRM2fpFZAg8lFaHZs:uUc5wtoKQp2D6VYZXJRTRFT3Hq
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-