General
- Target: PO_CW00402902400429.exe
- Size: 1.6MB
- Sample: 240923-psckpazenf
- MD5: e90237d59aa816120d3a2fe9ddb1536b
- SHA1: a6876e3fdbeffbdc55db62327cd2dc328915dcfb
- SHA256: f53ac19e1eaa2c09cd5d01fdf87d548fa6f93e02fe8562971a3b836675c0187b
- SHA512: 9a426e35bd853796cf8105c5f40bd5590eb42e0fbd662527ff39315bb965067984710c01f0c61e562cf2e7cbcd2f9be392d2e151c96c3b3a43151376c0274994
- SSDEEP: 49152:OAodtaG9kS2U84B+FLan9k5TRM9zlIVj6:y/B1X
Static task: static1
Behavioral task: behavioral1
- Sample: PO_CW00402902400429.exe
- Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.visiontrade.ae
- Port: 587
- Username: [email protected]
- Password: ,,.Ishaq2021 ,,
- Email To: [email protected]
Targets
- Target: PO_CW00402902400429.exe
- Size: 1.6MB
- MD5: e90237d59aa816120d3a2fe9ddb1536b
- SHA1: a6876e3fdbeffbdc55db62327cd2dc328915dcfb
- SHA256: f53ac19e1eaa2c09cd5d01fdf87d548fa6f93e02fe8562971a3b836675c0187b
- SHA512: 9a426e35bd853796cf8105c5f40bd5590eb42e0fbd662527ff39315bb965067984710c01f0c61e562cf2e7cbcd2f9be392d2e151c96c3b3a43151376c0274994
- SSDEEP: 49152:OAodtaG9kS2U84B+FLan9k5TRM9zlIVj6:y/B1X
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext