General
-
Target
5a67c4033d44cc5251ba0f360d2bfd573fdcb073293f555f82002d67971e3428
-
Size
757KB
-
Sample
240522-cvqh4shc97
-
MD5
0a95f584a5fa1e73932098f76bd1c2b7
-
SHA1
5b0ace847dbb4fbbab8ce5b6af86dc7cf086eb2f
-
SHA256
5a67c4033d44cc5251ba0f360d2bfd573fdcb073293f555f82002d67971e3428
-
SHA512
8ce792036b33a1cf58b348d1f20bd34843c2f941dc425a37cf03abbe6b61b7c3ecdbec7e597c72a97083126159e8bdb8e70c763a5207b2ea8d5c44035bbc6e61
-
SSDEEP
12288:+zUY6yWn7fcpVZlu/6uHa+AsFFIlUUfO2QWiPnKEyTKoRkGfpxXQSztqTn+x3n1B:NY698VVYXASFuDfhQWiP7chhxXfZFZjt
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.simnu.com - Port:
587 - Username:
[email protected] - Password:
L3tM31n*# - Email To:
[email protected]
Targets
-
-
Target
5a67c4033d44cc5251ba0f360d2bfd573fdcb073293f555f82002d67971e3428
-
Size
757KB
-
MD5
0a95f584a5fa1e73932098f76bd1c2b7
-
SHA1
5b0ace847dbb4fbbab8ce5b6af86dc7cf086eb2f
-
SHA256
5a67c4033d44cc5251ba0f360d2bfd573fdcb073293f555f82002d67971e3428
-
SHA512
8ce792036b33a1cf58b348d1f20bd34843c2f941dc425a37cf03abbe6b61b7c3ecdbec7e597c72a97083126159e8bdb8e70c763a5207b2ea8d5c44035bbc6e61
-
SSDEEP
12288:+zUY6yWn7fcpVZlu/6uHa+AsFFIlUUfO2QWiPnKEyTKoRkGfpxXQSztqTn+x3n1B:NY698VVYXASFuDfhQWiP7chhxXfZFZjt
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-