General
-
Target
nSCH_679202672I8I92IAF0__________________.lzh.zip
-
Size
582KB
-
Sample
240521-b1tmaaed5x
-
MD5
31fb7bd9cde2714364f9ddc6d6a95869
-
SHA1
095c3af8ac3493c57851719de2b801fdc8ee269f
-
SHA256
039e188f508e983782f54016c77b3abc6cc7af540df36bded2a6d5ca87353e76
-
SHA512
9d2ec4d0dc3a5c6b0933c7828d2eb5e106ada7341da735342371ce43bb14b9d511618075effa0eb09b9753395de2469ed8e504472c93f8154e6a7dd42d690fc8
-
SSDEEP
12288:aJZYh0wFQtr2hf4pz2McEwAuSV8E8naUDJ:azYhNuw9e2MySVSnaUDJ
Static task
static1
Behavioral task
behavioral1
Sample
SCH_679202672I8I92IAF0__________________.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SCH_679202672I8I92IAF0__________________.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: @qwerty90123
Email To: [email protected]
Targets
-
Target
SCH_679202672I8I92IAF0__________________.exe
-
Size
1.0MB
-
MD5
1466cc32f65bd20c27b6ac8cdc681842
-
SHA1
2189be4c165c5d99b5245c8e060ecd6c0114e379
-
SHA256
ea27b0448741187755bc86ce7db728b1da41c3fff5651964332c79670981015c
-
SHA512
eb2d7297d228aa89052b48a447c09f507cc2e5988f79bc27e19ac21e90e25e46751426e72d9cb6464b225f587c036dde57fedc28ec65880c3f7e460c61792d0b
-
SSDEEP
24576:CAHnh+eWsN3skA4RV1Hom2KXMmHaRxVCnalKH5:Fh+ZkldoPK8YaRbZlG
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext