General
-
Target
81d099f1008d98346919c22f105e26e5.bin
-
Size
663KB
-
Sample
240329-cv7gmafc6t
-
MD5
b75151a648e831448cadff0972e04466
-
SHA1
efd609bb7d601d333a3324d164263ecc2d629dff
-
SHA256
4c8f1ae8983cb20eedbbe010ca58987b780cc7a4e555cd195439908e9ab849af
-
SHA512
faaf4105e10ecaf08e8491861b997ba07672ec3230bca97756d355e126fe6ebbec198a56bea4f98bb844c68eb25cc2edeba57917dbfc1b318eeea4d224339dcb
-
SSDEEP
12288:Q2Zwe36TVBPKzwX7N13rwzx8JuvMscEM1ZOJp/t6KasEyV:QRpzEI4CuvMscf18VwyV
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.starmech.net - Port:
587 - Username:
[email protected] - Password:
nics123 - Email To:
[email protected]
Targets
-
-
Target
1ddead5d6964c8e382d3b2ea694774ff58486bcfb7996015561cc9a03c61b536.exe
-
Size
740KB
-
MD5
81d099f1008d98346919c22f105e26e5
-
SHA1
de77e686d32adca574703621974811dc6c7d3b31
-
SHA256
1ddead5d6964c8e382d3b2ea694774ff58486bcfb7996015561cc9a03c61b536
-
SHA512
b174aa74461edcc8afee22134084d6de4001fdf5d7012fbcd904f119d3959d776b43fd91a25147c20d2dcfa0d18eeb0b554155d2c7380d55030e6dd2e28bf794
-
SSDEEP
12288:Wd1JsJ6SH1Sh2iNwCZDcTsTmmk82Zzl2VLlh5AMOYFC6Vljc4J+G30NuqDpfLpPd:Wd4w1GQQABk1Zzl4ph5vtCi0hBDpfLG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-