General
-
Target
Purchases Order.exe
-
Size
688KB
-
Sample
240416-kpavgafe61
-
MD5
af60b92bd160c7b73fbe9a3b5eeda034
-
SHA1
1930fb9e301f29017979b214b096e209a685752b
-
SHA256
44509a1580c18a2b3b59c340de7b28d7451ccbbb41e264e168bbe148c66ae930
-
SHA512
39ca7251ba3780e8575e6304e6270397be3be9e8aa0cdbf0a72d8dcb6ad6dea00c005e7f6b36b21ec384b5a237b1f5adf5d2650a92fc24aed87f9a7bcbd23958
-
SSDEEP
12288:6aNC1oLnhJmWH6G39IJ6kenAP2U4MvOo8JugErSRUSIn:+1o735j3qYtn62DMv/84zQIn
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.alfainterplast.com.ua - Port:
587 - Username:
[email protected] - Password:
pay2024password$$ - Email To:
[email protected]
Targets
-
-
Target
Purchases Order.exe
-
Size
688KB
-
MD5
af60b92bd160c7b73fbe9a3b5eeda034
-
SHA1
1930fb9e301f29017979b214b096e209a685752b
-
SHA256
44509a1580c18a2b3b59c340de7b28d7451ccbbb41e264e168bbe148c66ae930
-
SHA512
39ca7251ba3780e8575e6304e6270397be3be9e8aa0cdbf0a72d8dcb6ad6dea00c005e7f6b36b21ec384b5a237b1f5adf5d2650a92fc24aed87f9a7bcbd23958
-
SSDEEP
12288:6aNC1oLnhJmWH6G39IJ6kenAP2U4MvOo8JugErSRUSIn:+1o735j3qYtn62DMv/84zQIn
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-