General
-
Target
e249c3cf931a39ce861670aca977b737
-
Size
234KB
-
Sample
240327-zcv27seg9x
-
MD5
e249c3cf931a39ce861670aca977b737
-
SHA1
254f502d0e9709f95bbe045a4516afef612ce9e7
-
SHA256
3afa2f6a6fa28303c9fd4bc4f9c6f5c7ba36c0c58a8d161c106228a919d2d8ed
-
SHA512
38baf042bf700a2f01dda7b56bcdf4ac11a413f21c90d55308535dd11c6e88a20c7e80d7a1a85ee35bff47a8fb458c81c0bd60ba465a02fe800f155b33b215a1
-
SSDEEP
6144:x9P+k59oF8WaZbzbFXKSh1KGhDwoNzgc/P/97gPiS:x8k9DWaZpXL1KWDwdId6V
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp3.ines.ro - Port:
587 - Username:
[email protected] - Password:
GW!g&95W7rs - Email To:
[email protected]
Targets
-
-
Target
e249c3cf931a39ce861670aca977b737
-
Size
234KB
-
MD5
e249c3cf931a39ce861670aca977b737
-
SHA1
254f502d0e9709f95bbe045a4516afef612ce9e7
-
SHA256
3afa2f6a6fa28303c9fd4bc4f9c6f5c7ba36c0c58a8d161c106228a919d2d8ed
-
SHA512
38baf042bf700a2f01dda7b56bcdf4ac11a413f21c90d55308535dd11c6e88a20c7e80d7a1a85ee35bff47a8fb458c81c0bd60ba465a02fe800f155b33b215a1
-
SSDEEP
6144:x9P+k59oF8WaZbzbFXKSh1KGhDwoNzgc/P/97gPiS:x8k9DWaZpXL1KWDwdId6V
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-