General
-
Target
43680d15253c03c6df241c645523de164cc2ff21270b241f6e21cbde83b07015
-
Size
12KB
-
Sample
240427-b1tx2sgc99
-
MD5
3e09dac22349c76c2589dd38c7c3c6c3
-
SHA1
74852521e1b3ccc8150d30fa53f1dfd3dca97849
-
SHA256
43680d15253c03c6df241c645523de164cc2ff21270b241f6e21cbde83b07015
-
SHA512
04b225dfa304554189c90e55a56051e1f6d9588acf2da3c4b0160c13ceb2f8b4edd73b0c0fbaf671e64decadd09fbc4441d09bca11e44f90661f58a7acb6c3cf
-
SSDEEP
384:+J9BHkNV436k6UqgoAu7d+mU5G6ix3nMR7H+bCRJOVpPgRcVNeb9Skk0YA7J:xV+/zqga7gP5Glx3nMRq2OVZgQkk0YK
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.controlfire.com.mx - Port:
587 - Username:
[email protected] - Password:
[;E4nNUMlscW - Email To:
[email protected]
Targets
-
-
Target
43680d15253c03c6df241c645523de164cc2ff21270b241f6e21cbde83b07015
-
Size
12KB
-
MD5
3e09dac22349c76c2589dd38c7c3c6c3
-
SHA1
74852521e1b3ccc8150d30fa53f1dfd3dca97849
-
SHA256
43680d15253c03c6df241c645523de164cc2ff21270b241f6e21cbde83b07015
-
SHA512
04b225dfa304554189c90e55a56051e1f6d9588acf2da3c4b0160c13ceb2f8b4edd73b0c0fbaf671e64decadd09fbc4441d09bca11e44f90661f58a7acb6c3cf
-
SSDEEP
384:+J9BHkNV436k6UqgoAu7d+mU5G6ix3nMR7H+bCRJOVpPgRcVNeb9Skk0YA7J:xV+/zqga7gP5Glx3nMRq2OVZgQkk0YK
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-