General
-
Target
3fad02c17d0c2aa3d844751dca796a73.bin
-
Size
4KB
-
Sample
240424-bnmcfade5x
-
MD5
6e72e653cdf686f943e0604092164e2e
-
SHA1
91ba8262871b32d84e5440d5ab247b84be579201
-
SHA256
f70a0c0a32155dcfcf38852b193b0bc291496f3d2bd0ec45b5d3ab88c018c9d1
-
SHA512
c7b733765755f3d1b632ecb70c61ad4f4c1a4f55eb82be761c4d20e0d3952a87452df318fd2fdf39624a1dba7417c3f51b50832f4ea855fd0ea70173611716bb
-
SSDEEP
96:L+EYjo7N7uNWT994jgDzbAtTBAbWV/Wo97TjjquRLtnZaHf8hrX3ZA+EP:ZN7uNo9zEBGWV/Wo97DhRtZGfIb3u
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cash4cars.nz - Port:
587 - Username:
[email protected] - Password:
logs2024! - Email To:
[email protected]
Targets
-
-
Target
aed7c4e379f2143449f6fda74b700945492d4653bf164f1b7b1906eb294477c3.bat
-
Size
7KB
-
MD5
3fad02c17d0c2aa3d844751dca796a73
-
SHA1
abcd5c5a24ff25a82ad7bb066c395d7e342db4da
-
SHA256
aed7c4e379f2143449f6fda74b700945492d4653bf164f1b7b1906eb294477c3
-
SHA512
550013284b9b0ae6845596a73cf3f2f0f85b802d7b35bba5f4bda0cf9bdbea767333e7381a9a2e375c0afb961836d710b98b5ab74f63435da8d07b56932e133a
-
SSDEEP
96:5W7mwHt8yNofgKf1FZI9cwfKxZceaDVB/GAIMMdL5LF+TnSDQBAqXHixCPK3B+85:WOyyvEZgZNc/OL5LF+/SCyR+TiF
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-