General
-
Target
Payment swift copy INV 00932024.tar.zip
-
Size
622KB
-
Sample
240426-hn7rpsbb41
-
MD5
cbbe661503131b2d371df476817eb09c
-
SHA1
2809ddd5cb5bf96d1d9def130422a46151d111a7
-
SHA256
29fae36d008fe8d38363a98a9de6497e6a8728fe8ad7baef3f7a6afdc2f35983
-
SHA512
dbc7698911376adf907505c295bce02d4e8e1da80c31ce8815cc589009d5bf364ac9bf1d8fde7831372353b3767710b733e0abd6845c169fbf5b7fed19029525
-
SSDEEP
12288:2btLr0wFxLZ4EvquFUjLaiB15rxxqm5pb5D8NUbBpZOi8JjW+YqM4V:qtLrNd3q4MaizTZPVA1M4V
Static task
static1
Behavioral task
behavioral1
Sample
Payment swift copy INV 00932024.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Payment swift copy INV 00932024.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
-
Protocol
smtp
-
Host
mail.cmcapama.top
-
Port
587
-
Username
[email protected]
-
Password
EVEitDp@^lu~
-
Email To
[email protected]
Targets
-
Target
Payment swift copy INV 00932024.exe
-
Size
1.1MB
-
MD5
254d0303fffb227dde317b5e2bb664ae
-
SHA1
f538ce2f5b72eaf0ecfb4a0b4a8af43436c0fb46
-
SHA256
78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53
-
SHA512
a9ef2d93e73edeac629d4c927c4e439e9e5b5a67e718edc8e638f7a99bb25745335bf633091dfda02ff6df4b21100106d0f48f4e1882e24ed19294c984213203
-
SSDEEP
24576:NAHnh+eWsN3skA4RV1Hom2KXMmHa+Lm1ESsb5:sh+ZkldoPK8Ya+6af
Score
10/10
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (Visual Basic .NET). The config extracted from this sample shows it exfiltrating over SMTP to mail.cmcapama.top on port 587 with the credentials listed above.
-
Suspicious use of SetThreadContext
SetThreadContext called on a thread of another process is the step used by process hollowing and similar injection techniques to redirect a suspended process to attacker-supplied code.
-
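Added example, not part of the sandbox report: two offline checks built from the indicators above. The first hashes a candidate file and compares it with the archive and payload digests listed in the report; the second correlates Zeek-style JSON log records (a dns.log lookup of the extracted SMTP host followed by a conn.log TCP connection to the resolved address on port 587), so it does not depend on inspecting the SMTP session itself. The log records and the 203.0.113.7 address are constructed for the example and are not a real resolution of the host.

```python
"""Offline checks derived from the report's indicators (added example).

1. Hash a candidate file and compare it with the listed digests.
2. Scan Zeek JSON records for a lookup of the AgentTesla SMTP host and a
   following TCP connection to any address it resolved to on port 587.
"""
import hashlib
import json

# Indicators copied from the report, keyed by target name.
KNOWN_HASHES = {
    "Payment swift copy INV 00932024.tar.zip": {
        "md5": "cbbe661503131b2d371df476817eb09c",
        "sha1": "2809ddd5cb5bf96d1d9def130422a46151d111a7",
        "sha256": "29fae36d008fe8d38363a98a9de6497e6a8728fe8ad7baef3f7a6afdc2f35983",
    },
    "Payment swift copy INV 00932024.exe": {
        "md5": "254d0303fffb227dde317b5e2bb664ae",
        "sha1": "f538ce2f5b72eaf0ecfb4a0b4a8af43436c0fb46",
        "sha256": "78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53",
    },
}

# SMTP exfiltration endpoint from the extracted AgentTesla config.
EXFIL_HOST = "mail.cmcapama.top"
EXFIL_PORT = 587


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_known(data: bytes) -> list:
    """Names of report targets whose digests all match the given bytes."""
    digests = file_hashes(data)
    return [
        name for name, known in KNOWN_HASHES.items()
        if all(digests[alg] == value for alg, value in known.items())
    ]


def scan_logs(lines) -> list:
    """Flag DNS lookups of the exfil host, then TCP connections to any
    address it resolved to on the exfil port. Input: Zeek JSON records
    (dns.log and conn.log), one per line, in time order."""
    alerts = []
    resolved = set()
    for n, line in enumerate(lines, 1):
        rec = json.loads(line)
        path = rec.get("_path")
        if path == "dns" and rec.get("query", "").lower() == EXFIL_HOST:
            resolved.update(rec.get("answers", []))
            alerts.append((n, f"{rec['id.orig_h']} resolved {EXFIL_HOST}"))
        elif (path == "conn" and rec.get("proto") == "tcp"
              and rec.get("id.resp_p") == EXFIL_PORT
              and rec.get("id.resp_h") in resolved):
            alerts.append((n, f"{rec['id.orig_h']} -> {rec['id.resp_h']}:"
                              f"{EXFIL_PORT} (AgentTesla SMTP exfil)"))
    return alerts


# Constructed sample records for an offline run. 203.0.113.7 and
# 198.51.100.9 are documentation addresses, not real resolutions.
SAMPLE_LOGS = [
    '{"_path":"dns","ts":1714130000.1,"id.orig_h":"10.0.0.5",'
    '"query":"mail.cmcapama.top","answers":["203.0.113.7"]}',
    '{"_path":"conn","ts":1714130000.3,"id.orig_h":"10.0.0.5",'
    '"id.resp_h":"203.0.113.7","id.resp_p":587,"proto":"tcp"}',
    '{"_path":"dns","ts":1714130001.0,"id.orig_h":"10.0.0.6",'
    '"query":"www.example.com","answers":["93.184.216.34"]}',
    '{"_path":"conn","ts":1714130001.2,"id.orig_h":"10.0.0.6",'
    '"id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp"}',
    # Legitimate mail submission to an unrelated server: must not alert.
    '{"_path":"conn","ts":1714130002.0,"id.orig_h":"10.0.0.7",'
    '"id.resp_h":"198.51.100.9","id.resp_p":587,"proto":"tcp"}',
]

if __name__ == "__main__":
    print(match_known(b""))  # [] : no report target hashes to an empty file
    for n, msg in scan_logs(SAMPLE_LOGS):
        print(f"line {n}: {msg}")
```

The correlation on the resolved address, rather than on every port 587 connection, is what keeps ordinary mail submission from alerting. It also means a connection whose DNS answer was cached before the log window is missed; a DNS-layer block or sinkhole of mail.cmcapama.top closes that gap independently of the log check.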