General
-
Target
HASLK01240203628 Scan Copy.r09
-
Size
593KB
-
Sample
240326-mpzvpsgc46
-
MD5
7802b0eb35cf10723b27f54c862cb0be
-
SHA1
e215dfb65ee69690739ae9d2cee970dd07d80245
-
SHA256
bae58a6286d8fb60c1118d8024c0aa7e8e8476405b17d05b68502e6bce5b1fd8
-
SHA512
55e4361d32ca9f4b28a644b6f280279c176cdf6c0be72884cfac94683b75a26ac73a26a334861792295b7bfdaca4f2542c40511715bd4c84ffdecdb2c47ed42f
-
SSDEEP
12288:Y0LffZibT48SIYZRqBAI/g0nHzeRUbRAtTbhlt:Yu3ZG48SIaR7I/nHze9hhf
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sg2plcpnl0128.prod.sin2.secureserver.net - Port:
587 - Username:
[email protected] - Password:
]EMe[F7b^j@[ - Email To:
[email protected]
Targets
-
-
Target
kYyBuIFRcL6U7Fl.exe
-
Size
604KB
-
MD5
dc6c813e0b5c0adab63e8f6e47d3fb76
-
SHA1
c9979e87cf35d8563a16bf52ad762c04c89badc9
-
SHA256
3d6012eb13b5a891571ea2d7c7bf120b9c12d479e5cb2c6ffc7e515e14c46866
-
SHA512
c3e83b275c6aedbf56fe581b6e5f5b7f9ec33573c460eca63590a33326c08378dd7ea04b1d80807fdfc74738d432adb9b37892a0655aff8611d2e30f4d9f9ef3
-
SSDEEP
12288:z+E26ddIYd1x66+9GreDc4bRbOpPE6/5kqRQeB0QzauW2a5W:aOwO1mQreDc4lypPp+kQelzauWS
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-