General
-
Target
116f7b303b869bffe0f72f7aabe57145edbd4282282b9cbc4ae651c952d5f106
-
Size
1.1MB
-
Sample
240705-blwhbs1dpb
-
MD5
010d87d1b5dcca54b5f02e8705da6941
-
SHA1
f20cb8d19a88672010399073871e5fed8e5d4882
-
SHA256
116f7b303b869bffe0f72f7aabe57145edbd4282282b9cbc4ae651c952d5f106
-
SHA512
a4c64b3cf93f34a98ae5cf75abfe879566adb8bf75693183e03fdd26cbe46893f6fd82e0422d15a7fbf89b1e3e2575d7243dbe46dccfdc76fc93db9ba89d25dc
-
SSDEEP
24576:SAHnh+eWsN3skA4RV1Hom2KXMmHap/RqtaJd0UrTdaCfpI5:Vh+ZkldoPK8Yap/4taJdrdaCc
Static task
static1
Behavioral task
behavioral1
Sample
116f7b303b869bffe0f72f7aabe57145edbd4282282b9cbc4ae651c952d5f106.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
116f7b303b869bffe0f72f7aabe57145edbd4282282b9cbc4ae651c952d5f106.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.albatraparts.com
Port: 587
Username: [email protected]
Password: hani1952
Email To: [email protected]
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-