General
-
Target
becc21d6ae7dc880fc0a48654ad523633947c070886164052f6797105a3aed07
-
Size
1.1MB
-
Sample
240712-bwy17stakr
-
MD5
4af4203a2965244a98222d1ec83a9c4c
-
SHA1
5a3447a124db731bbf88e3e33a282bb2235e4b68
-
SHA256
becc21d6ae7dc880fc0a48654ad523633947c070886164052f6797105a3aed07
-
SHA512
06ada562f6fe68f815f91f18f06876b500a6aa3d23bb5567849c0ca10e14e04aab3cb5d83ddc216d7bc2e772b1c5f52f9715560da898652024a35fc0b01c268a
-
SSDEEP
24576:4AHnh+eWsN3skA4RV1Hom2KXMmHaF5Bk0HKCR+194R5:/h+ZkldoPK8YaF5BkQQ2
Static task
static1
Behavioral task
behavioral1
Sample
becc21d6ae7dc880fc0a48654ad523633947c070886164052f6797105a3aed07.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
becc21d6ae7dc880fc0a48654ad523633947c070886164052f6797105a3aed07.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.eatrepeatindia.com
Port: 587
Username: [email protected]
Password: QQYIO12fxBmdO
Email To: [email protected]
Targets
-
-
Target
becc21d6ae7dc880fc0a48654ad523633947c070886164052f6797105a3aed07
-
Size
1.1MB
-
MD5
4af4203a2965244a98222d1ec83a9c4c
-
SHA1
5a3447a124db731bbf88e3e33a282bb2235e4b68
-
SHA256
becc21d6ae7dc880fc0a48654ad523633947c070886164052f6797105a3aed07
-
SHA512
06ada562f6fe68f815f91f18f06876b500a6aa3d23bb5567849c0ca10e14e04aab3cb5d83ddc216d7bc2e772b1c5f52f9715560da898652024a35fc0b01c268a
-
SSDEEP
24576:4AHnh+eWsN3skA4RV1Hom2KXMmHaF5Bk0HKCR+194R5:/h+ZkldoPK8YaF5BkQQ2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-