General
-
Target
RFQ-HL51L05.tar
-
Size
622KB
-
Sample
240426-j2ajsscd73
-
MD5
599bd02ed7af53dd6ed848d6bfdb33ae
-
SHA1
fdea4494e3653b5bbfe55bdbdbb29cf4629a0bb4
-
SHA256
53c50ffec796c58a62159c70826e1903764ed8c43796900f834fd55f94e13660
-
SHA512
835a20bd05c7cd45a95fb9938b1390fb7357fd758fdb2a23273644964fe76b7cbbc09454ea853899dc75728ba3bcda36bace177790584cf052b02a7993b5d77a
-
SSDEEP
12288:ebtLr0wFxLZ4EvquFUjLaiB15rxxqm5pb5D8NUbBpZOi8JjW+YqM4U:CtLrNd3q4MaizTZPVA1M4U
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cmcapama.top - Port:
587 - Username:
[email protected] - Password:
EVEitDp@^lu~ - Email To:
[email protected]
Targets
-
-
Target
RFQ-HL51L05.exe
-
Size
1.1MB
-
MD5
254d0303fffb227dde317b5e2bb664ae
-
SHA1
f538ce2f5b72eaf0ecfb4a0b4a8af43436c0fb46
-
SHA256
78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53
-
SHA512
a9ef2d93e73edeac629d4c927c4e439e9e5b5a67e718edc8e638f7a99bb25745335bf633091dfda02ff6df4b21100106d0f48f4e1882e24ed19294c984213203
-
SSDEEP
24576:NAHnh+eWsN3skA4RV1Hom2KXMmHa+Lm1ESsb5:sh+ZkldoPK8Ya+6af
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-