General
- Target: b2b0006585ba86458d9207e94e10fec7379e1445419772af417953cd4d689531
- Size: 1.0MB
- Sample: 240523-ct33taad6t
- MD5: f27ad4ab520013e2f76d51af512b5b31
- SHA1: c9cbd71c2d3cd1ee4581babae82db446f82e7e42
- SHA256: b2b0006585ba86458d9207e94e10fec7379e1445419772af417953cd4d689531
- SHA512: 736cfb8351dda3bfa7ea25194960fb66d48439ea46e96022ff8f048efaa7185000222f01fb5b7fc6003c603de37e94db09b390f1f339cb3d09fa81b9cc04b4c2
- SSDEEP: 24576:7AHnh+eWsN3skA4RV1Hom2KXMmHaT16Y9lbuyK6j5:Wh+ZkldoPK8Ya5Pb1v
Static task: static1
Behavioral task: behavioral1
- Sample: b2b0006585ba86458d9207e94e10fec7379e1445419772af417953cd4d689531.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: b2b0006585ba86458d9207e94e10fec7379e1445419772af417953cd4d689531.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.finolexpipes.com
- Port: 587
- Username: [email protected]
- Password: Finolex@678
- Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext