General
-
Target
Tender for Quote_MYQTRA031244úPDF.scr
-
Size
724KB
-
Sample
240522-xdeeqsce69
-
MD5
139aea4b0d247ae022c8da2586c6e0d0
-
SHA1
c95ec3c016fb2d7830e6de69a37b6d2adbee03eb
-
SHA256
6f62d88a4a3f98c4cbcc3f1a3065cd5fa6691149d2bc1354d2300491badabaa3
-
SHA512
d03843348a39bd5ebeacf3b95b2af8be15b0e8ef9aa6a11c5a4b2f1b46c49e0ca44bf090f091a433eac8fd919a09215de4cc8cb5192d63b699503a1a98a7ecc0
-
SSDEEP
6144:8uGrALElEJXNak6aW2GHEtkTsQbV2/njfdSknByQTdNzbFSRrL7XrpGX:5XaCGHvsw6NJX
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
gator3220.hostgator.com - Port:
587 - Username:
[email protected] - Password:
OBC#75@tsGreenPass@5974a - Email To:
[email protected]
Targets
-
-
Target
Tender for Quote_MYQTRA031244úPDF.scr
-
Size
724KB
-
MD5
139aea4b0d247ae022c8da2586c6e0d0
-
SHA1
c95ec3c016fb2d7830e6de69a37b6d2adbee03eb
-
SHA256
6f62d88a4a3f98c4cbcc3f1a3065cd5fa6691149d2bc1354d2300491badabaa3
-
SHA512
d03843348a39bd5ebeacf3b95b2af8be15b0e8ef9aa6a11c5a4b2f1b46c49e0ca44bf090f091a433eac8fd919a09215de4cc8cb5192d63b699503a1a98a7ecc0
-
SSDEEP
6144:8uGrALElEJXNak6aW2GHEtkTsQbV2/njfdSknByQTdNzbFSRrL7XrpGX:5XaCGHvsw6NJX
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-