General
-
Target
4e446b04397ff757944c31ffcf7b7b1dfe99db5a889b42ce07a0f38bd2cfd90f
-
Size
1003KB
-
Sample
241116-bv9fjswlfy
-
MD5
40ea767162f7df6e360eb205a6ca22b6
-
SHA1
2c7bdc6b37aa5dbdad08acbd7963b1230cebe652
-
SHA256
4e446b04397ff757944c31ffcf7b7b1dfe99db5a889b42ce07a0f38bd2cfd90f
-
SHA512
cf78a895f63c24704ca61bb04080786786c0c05463d218e07bbe6a01de29c8fc68879855ba7b2838479e1ae3c5863f566d4c842069f7908cb31db1b35299140d
-
SSDEEP
12288:3tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgay7mW6hCcYQEIS720pR5:3tb20pkaCqT5TBWgNQ7a6p/no0pR6A
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
162.254.34.31 - Port:
587 - Username:
[email protected] - Password:
JaR4LTajHPY5 - Email To:
[email protected]
Targets
-
-
Target
4e446b04397ff757944c31ffcf7b7b1dfe99db5a889b42ce07a0f38bd2cfd90f
-
Size
1003KB
-
MD5
40ea767162f7df6e360eb205a6ca22b6
-
SHA1
2c7bdc6b37aa5dbdad08acbd7963b1230cebe652
-
SHA256
4e446b04397ff757944c31ffcf7b7b1dfe99db5a889b42ce07a0f38bd2cfd90f
-
SHA512
cf78a895f63c24704ca61bb04080786786c0c05463d218e07bbe6a01de29c8fc68879855ba7b2838479e1ae3c5863f566d4c842069f7908cb31db1b35299140d
-
SSDEEP
12288:3tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgay7mW6hCcYQEIS720pR5:3tb20pkaCqT5TBWgNQ7a6p/no0pR6A
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-