General
-
Target
b92992bf42b574b3807fe52ffca445b0ad8d054d452e465c60afd03f8e05d49b
-
Size
1.1MB
-
Sample
240424-b7glasdh88
-
MD5
fc5d306d786d34136c984321c136fb9b
-
SHA1
93afd9cf02c428d506ab20649f953978025ce74a
-
SHA256
b92992bf42b574b3807fe52ffca445b0ad8d054d452e465c60afd03f8e05d49b
-
SHA512
177b0af31ec6d2d740941f9e693d0c889c1f2414360065ca81ee70a82bfc51f763d18f313a40f096c8c572823ab32a09408d2c8db2d0627875d9f22441bff695
-
SSDEEP
24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8aPIo9OW1P/g0Fa:zTvC/MTQYxsWR7aPNP/g0F
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cash4cars.nz - Port:
587 - Username:
[email protected] - Password:
logs2024! - Email To:
[email protected]
Targets
-
-
Target
b92992bf42b574b3807fe52ffca445b0ad8d054d452e465c60afd03f8e05d49b
-
Size
1.1MB
-
MD5
fc5d306d786d34136c984321c136fb9b
-
SHA1
93afd9cf02c428d506ab20649f953978025ce74a
-
SHA256
b92992bf42b574b3807fe52ffca445b0ad8d054d452e465c60afd03f8e05d49b
-
SHA512
177b0af31ec6d2d740941f9e693d0c889c1f2414360065ca81ee70a82bfc51f763d18f313a40f096c8c572823ab32a09408d2c8db2d0627875d9f22441bff695
-
SSDEEP
24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8aPIo9OW1P/g0Fa:zTvC/MTQYxsWR7aPNP/g0F
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-