General
-
Target
60a76abd8b488308bc351b66e600be142ac3006d48359f35863329c39215bb70
-
Size
558KB
-
Sample
240912-hv4nmaxcrf
-
MD5
57981c01675d4dbd0471d86dbaf39231
-
SHA1
d396cb9f26796927c7fc80b94fe466fe63d712e8
-
SHA256
60a76abd8b488308bc351b66e600be142ac3006d48359f35863329c39215bb70
-
SHA512
4b37dc91f68da04a35a206eac6f2b4f5e1d6327296ddf22cdfa5d289eaa41bc99e7f54acb29ce3539b19174badf50b03b45b64d3103bdc63e25425e425ea831f
-
SSDEEP
12288:7Ci9eMiU0vDNjPHUxhTeTNBIc5vcn+2mdVl4ve6N2vn+18h2yI8HMsS0+V:uM0NeeTNqucnjIVlQufhXI8HMPV
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mahesh-ent.com - Port:
587 - Username:
[email protected] - Password:
M@hesh3981 - Email To:
[email protected]
Targets
-
-
Target
Shipping Documents.exe
-
Size
583KB
-
MD5
bd50b8389578702100c55e976e636d2c
-
SHA1
04a8de3509219f30312a372dd365a84a2f853efe
-
SHA256
317d4b1683e217b6af80de147bbeb8581255f320dd11ca5c13b0796f837d42aa
-
SHA512
2ba298f9f2ddfac90aefd6587749f65002495bb3a8e7f7e5947ca7b7f654133329ca0ac9b69aae7c631155f6f865e4503350df6612c965fd22b3017d4d6e9543
-
SSDEEP
12288:LXe9PPlowWX0t6mOQwg1Qd15CcYk0We1FfCvz+1YhOyIIHMsulkf:ShloDX0XOf4oZhfIIHMgf
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-