General

Target: DSR -AIROLAM - 2024.exe
Size: 650KB
Sample: 240416-js9brsch53
MD5: 529a483f705a652ad2943e48f22cc037
SHA1: b93f46e467c2f620884a9afdd70aaf8e0b6f65e7
SHA256: 7b360b7d9ecc11f7eac58a50bca9abbb0ffcafb81df863eb24190d32fd3c6de6
SHA512: 934c93a9a38fb64b768ad84f259af5b92710b86498076e2139d218af256da6168150ad94c48471eab17265c5bcdf033ef1076ce0297c4e2af9ad618957289301
SSDEEP: 12288:daAvWzT370N692rKClw/znsMxiMDH+hNT13k8LrMNT1DKjlLw:VN6UrKClynjiMDuzXMNhD2k
Static task: static1

Behavioral task: behavioral1
  Sample: DSR -AIROLAM - 2024.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: DSR -AIROLAM - 2024.exe
  Resource: win10v2004-20240412-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.alfainterplast.com.ua
Port: 587
Username: [email protected]
Password: pay2024password$$
Email To: [email protected]
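The extracted config is the most actionable part of this report: the SMTP host and port are network IOCs, and the file hashes are host IOCs. The following is an added example, not part of the sandbox report, showing how to turn them into a small matcher and run it over connection and DNS logs. The hashes, sample name, SMTP host and port are copied from the report; the key=value log format, the process allow-list (EXPECTED_MAIL_CLIENTS) and the log lines are constructed here for illustration and are assumptions, not data from the report.

```python
"""IOC matching built from the extracted Agent Tesla config above.

Added example, not part of the sandbox report. The file hashes, sample
name, SMTP host and port are copied from the report; the key=value log
format, the process allow-list and the log lines are constructed here
for illustration and are not from the report.
"""
import hashlib
import re
from typing import Iterable, List, Optional, Tuple

# IOCs copied from the report (sample 240416-js9brsch53).
SAMPLE_NAME = "DSR -AIROLAM - 2024.exe"
REPORT_HASHES = {
    "md5": "529a483f705a652ad2943e48f22cc037",
    "sha1": "b93f46e467c2f620884a9afdd70aaf8e0b6f65e7",
    "sha256": "7b360b7d9ecc11f7eac58a50bca9abbb0ffcafb81df863eb24190d32fd3c6de6",
}
EXFIL_HOST = "mail.alfainterplast.com.ua"   # SMTP host from the extracted config
EXFIL_PORT = 587                             # SMTP submission port from the config

# Assumption: processes that legitimately use SMTP submission in this
# environment. Any other process talking to port 587 is worth a look.
EXPECTED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def hash_bytes(data: bytes) -> dict:
    """Compute the digests the report lists, for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report_hashes(data: bytes) -> bool:
    """True when any digest of `data` equals the report's value for it."""
    digests = hash_bytes(data)
    return any(digests[name] == value for name, value in REPORT_HASHES.items())


# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line: str) -> dict:
    """Parse one key=value log line into a dict (constructed format)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV_RE.finditer(line)}


def classify(rec: dict) -> Optional[str]:
    """Severity for one parsed record: 'high', 'medium' or None."""
    remote = (rec.get("dst") or rec.get("query") or "").lower()
    proc = rec.get("proc", "").lower()
    try:
        port = int(rec.get("dport", "0"))
    except ValueError:
        port = 0
    if remote == EXFIL_HOST:
        return "high"      # DNS lookup of, or connection to, the exfil host
    if proc == SAMPLE_NAME.lower():
        return "high"      # the sample itself is the originating process
    if port == EXFIL_PORT and proc and proc not in EXPECTED_MAIL_CLIENTS:
        return "medium"    # SMTP submission from a process that should not send mail
    return None


def scan_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (severity, line) for every line that trips an IOC."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        severity = classify(parse_record(line))
        if severity:
            hits.append((severity, line))
    return hits


# Constructed log lines (not from the report): a DNS lookup of the exfil
# host, the sample connecting to it, a legitimate mail client on 587, an
# unexpected process on 587, and a benign HTTPS connection.
SAMPLE_LOG = """
2024-04-16T10:02:10Z host=WS-0142 query=mail.alfainterplast.com.ua qtype=A
2024-04-16T10:02:11Z host=WS-0142 proc="DSR -AIROLAM - 2024.exe" dst=mail.alfainterplast.com.ua dport=587 proto=tcp
2024-04-16T10:05:40Z host=WS-0142 proc="outlook.exe" dst=smtp.office365.com dport=587 proto=tcp
2024-04-16T10:06:02Z host=WS-0142 proc="powershell.exe" dst=203.0.113.7 dport=587 proto=tcp
2024-04-16T10:07:15Z host=WS-0142 proc="chrome.exe" dst=example.com dport=443 proto=tcp
"""

if __name__ == "__main__":
    for severity, line in scan_log(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] {line}")
```

The exact host and the exact file name are rated high because they are specific to this sample and family config; the "unexpected process on 587" rule is deliberately only medium, since Agent Tesla builds are routinely repacked with a different exfil mailbox, and that generic rule is what still fires when the hashes and host have changed. Hash matching is the weakest of the three: it only catches this exact build.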
Targets

Target: DSR -AIROLAM - 2024.exe (same file as under General)
Score: 10/10

AgentTesla
Agent Tesla is a .NET-based (commonly VB.NET) information stealer and keylogger with remote access (RAT) capabilities; this build's extracted config exfiltrates over SMTP to the host listed under Malware Config.

Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence so the payload can avoid running in certain regions.

Suspicious use of SetThreadContext
SetThreadContext on another process's thread is a common step in process hollowing: a payload is written into a suspended process and the thread's context is redirected to the injected code. The API call alone is a hint, not proof of injection; the sandbox flags it as suspicious rather than as confirmed hollowing.