General
-
Target
1add7850f0e91bdbf90ffe38defe66945a974d700ed2fc40b2030362dc75cc28
-
Size
666KB
-
Sample
240430-ccrnfshe8v
-
MD5
87ce82ceb427798e78225024452b7455
-
SHA1
086a515bc8b12aa395fefa0abcef64689a387648
-
SHA256
1add7850f0e91bdbf90ffe38defe66945a974d700ed2fc40b2030362dc75cc28
-
SHA512
c1054cc2fc7f312fe965d933eb6e83d20451f12bf32a479aead1d0f0a50996f5bb9272df0c7bc2f72deb3309d7fb6d07ff24bc6a41c196ab3c1a71db26d8b1bd
-
SSDEEP
12288:/aAvXzT370JbWobXi/Zk3cVwkMGHhMG43rtRboeniCcRetVQPMwgbIkR:mFbSesVkAM1btx1nOetePMwI
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.keeptraveling-eg.com - Port:
587 - Username:
[email protected] - Password:
Do76#Zbbdonia - Email To:
[email protected]
Targets
-
-
Target
1add7850f0e91bdbf90ffe38defe66945a974d700ed2fc40b2030362dc75cc28
-
Size
666KB
-
MD5
87ce82ceb427798e78225024452b7455
-
SHA1
086a515bc8b12aa395fefa0abcef64689a387648
-
SHA256
1add7850f0e91bdbf90ffe38defe66945a974d700ed2fc40b2030362dc75cc28
-
SHA512
c1054cc2fc7f312fe965d933eb6e83d20451f12bf32a479aead1d0f0a50996f5bb9272df0c7bc2f72deb3309d7fb6d07ff24bc6a41c196ab3c1a71db26d8b1bd
-
SSDEEP
12288:/aAvXzT370JbWobXi/Zk3cVwkMGHhMG43rtRboeniCcRetVQPMwgbIkR:mFbSesVkAM1btx1nOetePMwI
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-