General
-
Target
c517f3403c654ce34ac1ed5bb34175caa743755c449908fe8c6099a0104dd986
-
Size
1000KB
-
Sample
240327-bssp1sha29
-
MD5
ed92fdaff208f71c9fad5ec00afd4120
-
SHA1
7917116eb38783da7586da821fcafc33cacac50f
-
SHA256
c517f3403c654ce34ac1ed5bb34175caa743755c449908fe8c6099a0104dd986
-
SHA512
0eb017f034902f5ca3c3448b10c9901953bfb6f8d231e7dda7eb3f28ce133d80ecc131987e413fcf8ee9a523fdc2006b183338c310921b5a11e7de03a278f1b7
-
SSDEEP
24576:7AHnh+eWsN3skA4RV1Hom2KXMmHaOM1QELFg5:Wh+ZkldoPK8YaOMRk
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.enropalsrl.com - Port:
587 - Username:
[email protected] - Password:
C@e124356. - Email To:
[email protected]
Targets
-
-
Target
c517f3403c654ce34ac1ed5bb34175caa743755c449908fe8c6099a0104dd986
-
Size
1000KB
-
MD5
ed92fdaff208f71c9fad5ec00afd4120
-
SHA1
7917116eb38783da7586da821fcafc33cacac50f
-
SHA256
c517f3403c654ce34ac1ed5bb34175caa743755c449908fe8c6099a0104dd986
-
SHA512
0eb017f034902f5ca3c3448b10c9901953bfb6f8d231e7dda7eb3f28ce133d80ecc131987e413fcf8ee9a523fdc2006b183338c310921b5a11e7de03a278f1b7
-
SSDEEP
24576:7AHnh+eWsN3skA4RV1Hom2KXMmHaOM1QELFg5:Wh+ZkldoPK8YaOMRk
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-