General
Target: 5eec92634e55fea1d69b496287225fb5ea10faad1e27abf017fc819855a90982
Size: 1.2MB
Sample: 240607-b4qd2afe5y
MD5: c80e18247d8c779b96f4c1fa211956cc
SHA1: 1375be0cab8b208ce12e4e7d09ca316fcd02d19e
SHA256: 5eec92634e55fea1d69b496287225fb5ea10faad1e27abf017fc819855a90982
SHA512: 93befe523e7d131171586285d0d9ad1fd81ec5b5bb6d4d35b3ed9ad55bb514e450f9dadb84d151f3bf223e6b77c32183fb639fe50578876669489be508d8b988
SSDEEP: 12288:ugWUQhUBDH38hho5nDIUFlIFE5nxRk1mw1mrguT6L49qSH7QTWH4pWZuv7M:oOl384ncE5xiNIcu79tTHmWZ
Static task: static1
Behavioral task: behavioral1
Sample: doc023571961904.exe
Resource: win7-20240221-en
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.mosir.ehost.pl
Port: 587
Username: [email protected]
Password: dataset123
Email To: [email protected]
Targets
Target: doc023571961904.bat
Size: 642KB
MD5: f315776e8c0b03971bd9c6d7a5a49995
SHA1: 4f42cc1c9db3da718796c5623ea653ce38b551be
SHA256: 45431a6589e9d77eb2df9bef800ce40a0b77f71d8faf1c99b08b76b3ec7f84ca
SHA512: 2e5a2887dcb7ee048f271258cd5f0fd7fe73740f222038d0fd984b61d838ed18340e28ac802e25c5b6534385f84693d13cf1123a850f19e1d051334f0c80d592
SSDEEP: 12288:5gWUQhUBDH38hho5nDIUFlIFE5nxRk1mw1mrguT6L49qSH7QTWH4pWZuv7M1:1Ol384ncE5xiNIcu79tTHmWZ3
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext