General
-
Target
Shipping Document #100020486.exe
-
Size
1.1MB
-
Sample
241003-3g43fsselj
-
MD5
e42af0cd5d1346c37934b2887add33fa
-
SHA1
8962c64a6ea03e1e4d78c50edfd591320863981e
-
SHA256
cfdb0092d5a19db30d909d1cc1d883d441645e8b1641d9702a7cc7b1e78a4fb2
-
SHA512
8ffdbff3427e7cdfdf4195714534f3208eaec433b58be781d6284ab8a96b5169c2bb33ee82629fe0dee8c7f9f7ce9b5c31a16301c3ff8b492ac14838037d96d3
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLRbVt4cVsHqRoJpC2QLOFKfW73hY:f3v+7/5QLRbVi5qAXLW
Static task
static1
Behavioral task
behavioral1
Sample
Shipping Document #100020486.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: srv.masternic.net
Port: 587
Username: [email protected]
Password: -H{2Szxi!%qb
Email To: [email protected]
Targets
-
Target
Shipping Document #100020486.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of SetThreadContext
-