General
-
Target
17323375902.zip
-
Size
509KB
-
Sample
240523-hdwxfsge39
-
MD5
8fd49fd1d1c2e2d2da7b1096b8325327
-
SHA1
5687cd7e3006dfd48ca8ecd77c163539c0e6bf2d
-
SHA256
f82201001b59349d21b69f20d2555ddecf6f536372e0154e9c8c2ab076a79e39
-
SHA512
5b88207bc31b28e4fff4316a72eb4a1297a263f24bc064541e42c51a349a1bddcb02f17a733900733f762f6f3d27267f208e964500bbca2dd6f1dac3cdc46bfb
-
SSDEEP
12288:R5A5+X389vM1WBSHsW8SKaJzhqGvl86mGJuNw:Ri5QsNM1NsW8zKhqG3CC
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
aYl@txL3 - Email To:
[email protected]
Targets
-
-
Target
2154355d065c01bd1f2033d19171c4feb73890f9b0b3b32f22b30465cf02cdcc
-
Size
534KB
-
MD5
964d279bfb23ac4da04351438d6687ff
-
SHA1
94b505b31344e90d230ada55c8a4c75e2909befa
-
SHA256
2154355d065c01bd1f2033d19171c4feb73890f9b0b3b32f22b30465cf02cdcc
-
SHA512
a2035d3c0ba90a4e936d0bdef283c320fce5abb515d8cbbe017db66d5bf057a8ac0b225faa775ce4cbada385d2d8c1cc1c6320090f55698b4888dc31236b6fca
-
SSDEEP
12288:QYV6MorX7qzuC3QHO9FQVHPF51jgcrQ2G3CaD2fCt0wewCflW9N8:vBXu9HGaVHcByhaeuiW9N8
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-