General
-
Target
aa587ebbf050bd4a1631fd2a3346232a
-
Size
694KB
-
Sample
240227-2nfsrsde3t
-
MD5
aa587ebbf050bd4a1631fd2a3346232a
-
SHA1
f898720c9f7ebf199d8400ff4f0a78cdd2f5fc43
-
SHA256
7336a855a84f2f2d0f49c00a9ccdd993135369b15fa93fc429c31bdcdb002cf6
-
SHA512
2a2ae165605514b06169215104cea55659dc8ea6fb42a05bfd0bc050704ced3f275bf3b6bf4cce67af140d6fcf598cd007285d12d3e995b57b170a92c65b4a86
-
SSDEEP
12288:UA+G/T5voQGYWYmjd+Z4dC++FHxaIXGClNLi/e1MGDauKzm0PnqgquWVO:tx7WFYpyd+ZYCvFRauldMZdPnS1VO
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.priserveinfra.com - Port:
587 - Username:
[email protected] - Password:
oppipl121019
Targets
-
-
Target
aa587ebbf050bd4a1631fd2a3346232a
-
Size
694KB
-
MD5
aa587ebbf050bd4a1631fd2a3346232a
-
SHA1
f898720c9f7ebf199d8400ff4f0a78cdd2f5fc43
-
SHA256
7336a855a84f2f2d0f49c00a9ccdd993135369b15fa93fc429c31bdcdb002cf6
-
SHA512
2a2ae165605514b06169215104cea55659dc8ea6fb42a05bfd0bc050704ced3f275bf3b6bf4cce67af140d6fcf598cd007285d12d3e995b57b170a92c65b4a86
-
SSDEEP
12288:UA+G/T5voQGYWYmjd+Z4dC++FHxaIXGClNLi/e1MGDauKzm0PnqgquWVO:tx7WFYpyd+ZYCvFRauldMZdPnS1VO
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-