General
-
Target
4b071d413374cc0af8decf0b3c96d456e696e327f406514ad5852163bb7069f4
-
Size
699KB
-
Sample
240328-b66h2aad94
-
MD5
69987999d476b4a684aaf28ba14314f2
-
SHA1
ced47739060df5867dfb3beb8b73373f4b951ea1
-
SHA256
4b071d413374cc0af8decf0b3c96d456e696e327f406514ad5852163bb7069f4
-
SHA512
99cf525570d89cdf0c486c78ca73015a6812ad07c626ca7b1a5534a6e0986f6a02fd4e2e397d9e045cd82116d907aa10c437f74c9b1c57e6207940e704e3f566
-
SSDEEP
12288:oz7i88QlwcLTn1YGqxPRX1yBmys5ojOLufQgz79bHZ9lYYfkjITkcrZoT:oz7r8QCMTn1YGCRX1cuTafQg9lYITkfT
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gosportz.in - Port:
587 - Username:
sales@gosportz.in - Password:
Ss@gosportz - Email To:
cintronp44@yandex.com
Targets
-
-
Target
4b071d413374cc0af8decf0b3c96d456e696e327f406514ad5852163bb7069f4
-
Size
699KB
-
MD5
69987999d476b4a684aaf28ba14314f2
-
SHA1
ced47739060df5867dfb3beb8b73373f4b951ea1
-
SHA256
4b071d413374cc0af8decf0b3c96d456e696e327f406514ad5852163bb7069f4
-
SHA512
99cf525570d89cdf0c486c78ca73015a6812ad07c626ca7b1a5534a6e0986f6a02fd4e2e397d9e045cd82116d907aa10c437f74c9b1c57e6207940e704e3f566
-
SSDEEP
12288:oz7i88QlwcLTn1YGqxPRX1yBmys5ojOLufQgz79bHZ9lYYfkjITkcrZoT:oz7r8QCMTn1YGCRX1cuTafQg9lYITkfT
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-