General
-
Target
fae69b134cf4349b6caaac924c73c20172e9c6768501e4b63fc386bbe5ef7205
-
Size
771KB
-
Sample
240427-b37lxshc8x
-
MD5
59457f5e10d1ff4febded505f7f681e6
-
SHA1
1be7d43317d5639bce5715c21b76c040ef185a2c
-
SHA256
fae69b134cf4349b6caaac924c73c20172e9c6768501e4b63fc386bbe5ef7205
-
SHA512
f943f9af4e6f2bec7cf4bd5f769059eff1d418c653325e97a96f5e5f6ca1b3251cd977d63d3cb0fbc2dce91fd16d9ecf550732b744ae50c1cadaffb538bc1fb8
-
SSDEEP
12288:jozSA/e8HBdq2/FrhEucx4B7/BHivfrwq3tkMY0ghW7+4dqdA7i1a4aqWjbUh55j:jbgdBBppB7YbrmMYBP4+a4YynvWuSA
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.probending.co.th - Port:
587 - Username:
sales@probending.co.th - Password:
9aglmaj6C5hF - Email To:
quality@bspmetatech.com
Targets
-
-
Target
statement and invoices.exe
-
Size
828KB
-
MD5
7ca522120ba2f516eeabd3d3979c14eb
-
SHA1
3da00a3e7c38b1cab49e7a443a33de11dbd642fc
-
SHA256
9da495f395181d2188e798281ad85b82acdf6d1185c28885fe193c6c48f78a93
-
SHA512
2eb76c682e5f86f6148750003e4b51375d7ac58e3486157b0c55da98073fb6f852fa0ef209115f0c8223e2f081df4ecff56e181af540da49fd0819a832cb73b8
-
SSDEEP
24576:bDPjKr5BND8Vqr4MYBt7xa42c//Bs9zEi:vk5BNggrzia7c3SF
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-