General
-
Target
60fdeda779dcdb89493442339ce5ee674a18ab5ff7aae58c8213389df81d81dc.zip
-
Size
606KB
-
Sample
240229-f52wnsfd4z
-
MD5
e5d7d8c1340a76589cb26d0d5aa64575
-
SHA1
730aff3b734828670d55942ca8edd4c764e6a541
-
SHA256
60fdeda779dcdb89493442339ce5ee674a18ab5ff7aae58c8213389df81d81dc
-
SHA512
dcbb36d672030cad356b6359f276b142308b7a7b2120d68cd88fc99a5f128421c8d9849dbf424cf2b50911adacff7459e3fa747cc94738bf7101eda6c3210480
-
SSDEEP
12288:A5PudmiUx0FZ/iO654KZYI5y4XZ3S51/mQi0DIoWDydF7W9/35bteNPij:A5Puoh0//i7ZYI5yOZ36Bmd0DIoWDyTc
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.worlorderbillions.top - Port:
587 - Username:
[email protected] - Password:
@qwerty90123 - Email To:
[email protected]
Targets
-
-
Target
SC_68899267099268_46889090000_____.bat
-
Size
1.0MB
-
MD5
15352355072eeca0c4daebfc81873b12
-
SHA1
671fa8d5f44b373f4eada3200199c78e3a99ac9d
-
SHA256
611cb5bb898a10fd2ec7afc07b1f45eca785e427b28bb683fb4d181bcf056baf
-
SHA512
273c3c891cef2e5b3c833fb8e4b92ed9b60f6dec9510ee957504400ff01ffccff476e96a835a4bad3169bcbfe81b35ecb5800d7d4a36619465713307c6d1d84a
-
SSDEEP
24576:ltb20pkaCqT5TBWgNQ7aiS0D6oWDyF7M35btwCgk6A:WVg5tQ7ai7D6tM7Mphw65
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-