General
-
Target
76898e1dff3ed8e3424a70e5613fb1a22cae12ed87efc596a9435808093c9682
-
Size
668KB
-
Sample
240330-bwy17sea7v
-
MD5
97baad479477574de262496cd52eaf23
-
SHA1
d1df999063a5ece1f7acb295eb99f56fef6f385f
-
SHA256
76898e1dff3ed8e3424a70e5613fb1a22cae12ed87efc596a9435808093c9682
-
SHA512
4572ca0addb5622e74cbac0c2c0381258c4f3f23d4e9a8eb8ac934a4a34a03035f7197da4406dd7916bee2190708b128b0e1c45dfe5ac3a75b59768fb82ace21
-
SSDEEP
12288:4wzLK1tUfoOkjDg5oagvMVnOS9ZKuyXxicuJd3G9b9aFge+u+4TSER:4iitmoOkjiQunOS9SaJ4raCe+u+U
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.satsllc.ae - Port:
587 - Username:
[email protected] - Password:
Ahsan@12345 - Email To:
[email protected]
Targets
-
-
Target
76898e1dff3ed8e3424a70e5613fb1a22cae12ed87efc596a9435808093c9682
-
Size
668KB
-
MD5
97baad479477574de262496cd52eaf23
-
SHA1
d1df999063a5ece1f7acb295eb99f56fef6f385f
-
SHA256
76898e1dff3ed8e3424a70e5613fb1a22cae12ed87efc596a9435808093c9682
-
SHA512
4572ca0addb5622e74cbac0c2c0381258c4f3f23d4e9a8eb8ac934a4a34a03035f7197da4406dd7916bee2190708b128b0e1c45dfe5ac3a75b59768fb82ace21
-
SSDEEP
12288:4wzLK1tUfoOkjDg5oagvMVnOS9ZKuyXxicuJd3G9b9aFge+u+4TSER:4iitmoOkjiQunOS9SaJ4raCe+u+U
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-