General
-
Target
5b3b3df47d5e857dae3b9c6fb4b7f03b85f58744d50007a42cc0c5769a9cf59dN
-
Size
915KB
-
Sample
241016-lc12kaxbrl
-
MD5
8c86b902a30a85acd4c2074d74751730
-
SHA1
5a68c4ed0a0794f4f2eb89c495871a3a37eb4470
-
SHA256
5b3b3df47d5e857dae3b9c6fb4b7f03b85f58744d50007a42cc0c5769a9cf59d
-
SHA512
8740908a26e07f80b09f08a39608073064974c5bd73d8c826fe37520a63f9ace0fa30abb99b4b3ec0424f434839855c1e7b130101974747a13b4b5dcbd340700
-
SSDEEP
24576:WtNwSIOU6QJKm4+a1qalkdvf6mNdxFmNxwZpzji:WtySO67PqaEvd1pzG
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.lavli.rs - Port:
587 - Username:
[email protected] - Password:
lavlirsinfo2010 - Email To:
[email protected]
Targets
-
-
Target
5b3b3df47d5e857dae3b9c6fb4b7f03b85f58744d50007a42cc0c5769a9cf59dN
-
Size
915KB
-
MD5
8c86b902a30a85acd4c2074d74751730
-
SHA1
5a68c4ed0a0794f4f2eb89c495871a3a37eb4470
-
SHA256
5b3b3df47d5e857dae3b9c6fb4b7f03b85f58744d50007a42cc0c5769a9cf59d
-
SHA512
8740908a26e07f80b09f08a39608073064974c5bd73d8c826fe37520a63f9ace0fa30abb99b4b3ec0424f434839855c1e7b130101974747a13b4b5dcbd340700
-
SSDEEP
24576:WtNwSIOU6QJKm4+a1qalkdvf6mNdxFmNxwZpzji:WtySO67PqaEvd1pzG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-