General
-
Target
66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b.xlsx
-
Size
700KB
-
Sample
240326-c1wx3sbh76
-
MD5
f8798b71a4fbd1465cdff6564bae7ee8
-
SHA1
fafb4ef1565a1b70c7b716924815ef4ca24c2892
-
SHA256
66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b
-
SHA512
3585de2a710028297c41cc0de204466bbed4434eecb2293247a0f5d3327ee0a87d3f38c54d6530a71a7a6dc6634f7153fd3a03584f6b54f68b4f8e7602e85c9d
-
SSDEEP
12288:QjxdXgLho7M8ONl4/pUPhVa45JM3hdh4pxrlIrN4Y8guHHH8aVzVtuIHzdA0bH1:kxJgV8XRUZVxkdgBqrN854IHOA
Static task
static1
Behavioral task
behavioral1
Sample
66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b.xlam
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b.xlam
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: @qwerty90123
Email To: [email protected]
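The extracted configuration above is the most actionable part of this report: AgentTesla exfiltrates stolen credentials over an SMTP submission session to the listed host and port, so the hostname is an immediate network indicator, and the file hashes identify the dropper. The following Python is an added example, not part of the sandbox report or of any vendor tooling. It turns the report's indicators into a small triage check: it scans constructed DNS and firewall connection logs (the key=value layout and the log contents are hypothetical, and so is the approved-relay name), flags the C2 host, and generalises the single indicator to any port-587 session from a workstation to a relay that is not on the allowlist. It also recomputes the hash set the report lists so a retrieved file can be confirmed as the analysed sample.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Indicators copied from this report's "Malware Config" block (AgentTesla SMTP exfiltration).
C2_HOST = "mail.worlorderbillions.top"
C2_PORT = 587

# File hashes copied from this report's "General" block.
SAMPLE_HASHES = {
    "md5": "f8798b71a4fbd1465cdff6564bae7ee8",
    "sha1": "fafb4ef1565a1b70c7b716924815ef4ca24c2892",
    "sha256": "66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b",
}

# Assumption: the organisation's only legitimate outbound submission relay (hypothetical name).
APPROVED_RELAYS = {"smtp.example-corp.internal"}

# Constructed sample logs, not from the report. The layout (timestamp followed by key=value
# pairs) is a hypothetical simplification of a resolver log and a firewall connection log.
DNS_LOG = [
    "2024-03-26T13:10:02Z host=WS-042 query=mail.worlorderbillions.top type=A",
    "2024-03-26T13:10:05Z host=WS-042 query=update.example-corp.internal type=A",
    "2024-03-26T13:11:40Z host=WS-017 query=MAIL.WORLORDERBILLIONS.TOP. type=A",
]
CONN_LOG = [
    "2024-03-26T13:10:03Z src=10.0.5.42 dst_host=mail.worlorderbillions.top dst_port=587 proto=tcp",
    "2024-03-26T13:12:00Z src=10.0.5.17 dst_host=smtp.example-corp.internal dst_port=587 proto=tcp",
    "2024-03-26T13:12:30Z src=10.0.5.88 dst_host=mail.other-provider.example dst_port=587 proto=tcp",
    "2024-03-26T13:13:10Z src=10.0.5.88 dst_host=www.example.com dst_port=443 proto=tcp",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    line_no: int  # 1-based index into the log list
    reason: str
    line: str


def parse_kv(line: str) -> dict[str, str]:
    """Turn 'k=v k2=v2 ...' into a dict; the leading timestamp has no '=' and is skipped."""
    return dict(KV_RE.findall(line))


def match_dns(lines: list[str]) -> list[Hit]:
    """Flag queries for the C2 host or any name under it, case-insensitively, ignoring a trailing dot."""
    hits = []
    for n, line in enumerate(lines, 1):
        name = parse_kv(line).get("query", "").lower().rstrip(".")
        if name == C2_HOST or name.endswith("." + C2_HOST):
            hits.append(Hit(n, "DNS query for AgentTesla SMTP C2 host", line))
    return hits


def match_connections(lines: list[str], approved_relays: set[str] = APPROVED_RELAYS) -> list[Hit]:
    """Flag any connection to the C2 host, plus port-587 traffic to a relay that is not approved.

    The second rule generalises the report's single indicator: AgentTesla exfiltrates over SMTP
    submission, so a workstation talking 587 to anything but the corporate relay deserves a look.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = parse_kv(line)
        host = fields.get("dst_host", "").lower().rstrip(".")
        port = int(fields.get("dst_port", "0"))
        if host == C2_HOST:
            hits.append(Hit(n, f"connection to AgentTesla C2 host on port {port}", line))
        elif port == C2_PORT and host not in approved_relays:
            hits.append(Hit(n, "SMTP submission (587) to unapproved relay", line))
    return hits


def hash_bytes(data: bytes) -> dict[str, str]:
    """MD5/SHA-1/SHA-256 of a blob, in the same form the report lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_known_sample(data: bytes) -> bool:
    """True if the blob is the analysed sample; compare SHA-256 only, MD5 and SHA-1 are collision-prone."""
    return hash_bytes(data)["sha256"] == SAMPLE_HASHES["sha256"]


if __name__ == "__main__":
    for hit in match_dns(DNS_LOG) + match_connections(CONN_LOG):
        print(f"{hit.line_no}: {hit.reason}: {hit.line}")
```

On the constructed logs this flags both resolver queries for the C2 host (the second one despite upper case and a trailing dot) and two connections: the direct session to the C2 host and the port-587 session to the unlisted relay; the approved relay and the HTTPS session are left alone. Note that the username and password in the report are the attacker's own mailbox credentials, not the victim's; they are useful for pivoting on other samples that reuse the same account, but they are not something to "block".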
Targets
-
Target
66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b.xlsx
(size and hashes identical to the General section above)
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.
-
Packed .NET executable detected (this rule mostly fires on AgentTesla V4).
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
AutoIt Executable
An AutoIt script compiled into a PE executable.
-
Suspicious use of SetThreadContext (typical of process hollowing: a suspended process's thread context is rewritten so it runs injected code)
-