General
Target: f637a1086963c52db9a28a649e3acdaffcb8d1eb5f34adc460bb49fd42c369e7
Size: 1008KB
Sample: 241117-bjtwqaxkax
MD5: 7cb8903a99b58eed8e590c38d0ea71c5
SHA1: 79abc782ca739352e7d48e32972ea5e9ceeea0c7
SHA256: f637a1086963c52db9a28a649e3acdaffcb8d1eb5f34adc460bb49fd42c369e7
SHA512: fe0db446d27a73f8c195df4387226e3feb34d73d3bfa811a7ae94fcea0a4da195d9c4d52e67f623343f88e5649184e5adea32faa4e7f8e1e5639d658aeb612b7
SSDEEP: 12288:Ttb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaP7AXe4oFEw4sUdjYl6l:Ttb20pkaCqT5TBWgNQ7aDWvlwE+l6Ae
Static task: static1
Behavioral task: behavioral1
Sample: f637a1086963c52db9a28a649e3acdaffcb8d1eb5f34adc460bb49fd42c369e7.exe
Resource: win7-20241010-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: 162.254.34.31
Port: 587
Username: [email protected]
Password: JaR4LTajHPY5
Email To: [email protected]
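The extracted configuration gives two network indicators that are usable as they stand, the SMTP host and port (both mailbox addresses are redacted on this page). As an added example that is not part of the Triage report, the Python below sweeps firewall-style flow logs for connections to that host and port and, as a broader heuristic, for internal hosts submitting mail on 587 to anything other than a sanctioned relay. The log lines, their key=value format and the relay address 10.0.0.5 are constructed for the demonstration; only the host and port come from the report.

```python
"""Sweep flow logs for the AgentTesla SMTP exfiltration endpoint.

Added example, not part of the Triage report. Only C2_HOST and C2_PORT are
taken from the report; everything else here is constructed.
"""
import re

# Indicators lifted from the report's extracted config.
C2_HOST = "162.254.34.31"
C2_PORT = 587

# Hypothetical: the organisation's only sanctioned outbound mail relay.
# Workstations have no business talking SMTP submission to anything else.
SANCTIONED_RELAYS = {"10.0.0.5"}

# Constructed firewall log lines (key=value style) for the demonstration.
SAMPLE_LOG = """\
2024-11-17T10:02:13Z src=10.0.0.23 dst=162.254.34.31 dport=587 proto=tcp action=allow
2024-11-17T10:02:14Z src=10.0.0.23 dst=142.250.74.14 dport=443 proto=tcp action=allow
2024-11-17T10:02:20Z src=10.0.0.41 dst=10.0.0.5 dport=587 proto=tcp action=allow
2024-11-17T10:03:01Z src=10.0.0.23 dst=162.254.34.31 dport=587 proto=tcp action=allow
2024-11-17T10:05:44Z src=10.0.0.77 dst=203.0.113.9 dport=587 proto=tcp action=allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)


def parse(lines):
    """Yield one dict per well-formed flow line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            flow = m.groupdict()
            flow["dport"] = int(flow["dport"])
            yield flow


def classify(flow):
    """Exact IOC hit first, then the generic 'SMTP to a non-relay' heuristic."""
    if flow["dst"] == C2_HOST and flow["dport"] == C2_PORT:
        return "ioc_match"
    if flow["dport"] == C2_PORT and flow["dst"] not in SANCTIONED_RELAYS:
        return "unsanctioned_smtp_submission"
    return None


def sweep(text):
    """Return (timestamp, src, dst, dport, verdict) for every flow worth a look."""
    hits = []
    for flow in parse(text.splitlines()):
        verdict = classify(flow)
        if verdict:
            hits.append((flow["ts"], flow["src"], flow["dst"], flow["dport"], verdict))
    return hits


def affected_hosts(hits):
    """Internal sources that hit the exact C2 indicator; these need triage first."""
    return sorted({h[1] for h in hits if h[4] == "ioc_match"})


if __name__ == "__main__":
    results = sweep(SAMPLE_LOG)
    for hit in results:
        print(*hit)
    print("hosts to isolate:", affected_hosts(results))
```

The exact match is the confident signal; the heuristic row for 203.0.113.9 is there because a stealer operator can rotate the mail server faster than a hash or IP list is updated, so the outbound-587 policy check keeps catching the behaviour after the indicator goes stale.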
Targets
Target: f637a1086963c52db9a28a649e3acdaffcb8d1eb5f34adc460bb49fd42c369e7 (1008KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic).
Agenttesla family
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
AutoIt Executable
AutoIt scripts compiled to PE executables.
Suspicious use of SetThreadContext
Setting another thread's context (typically after CreateProcess with CREATE_SUSPENDED and WriteProcessMemory, and before ResumeThread) is how process hollowing and similar injection redirect execution into attacker-supplied code; outside debuggers, legitimate software rarely needs it.
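The SetThreadContext signature is a behavioural one, so the natural check is a sequence rule over an API trace rather than a string match. As an added example that is not part of the Triage report, the Python below flags a caller that creates a process suspended, writes into it, sets its thread context and resumes it, and ignores two benign look-alikes present in the trace (a suspended start that is resumed without any write, and a process adjusting its own thread context). The trace lines and their format are constructed; the image paths are placeholders, not something the report states about this sample.

```python
"""Sequence rule for the CreateProcess(SUSPENDED) -> WriteProcessMemory ->
SetThreadContext -> ResumeThread injection pattern.

Added example, not part of the Triage report. The trace below is constructed.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# The ordered chain that makes SetThreadContext suspicious: a suspended child,
# memory written into it, its thread redirected, then execution resumed.
STAGES = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed API trace (not from the report). One event per line:
# <time> pid=<caller> api=<name> target=<target pid> [key=value ...]
SAMPLE_TRACE = """\
10:02:11.001 pid=3320 api=CreateProcessW target=4104 image=C:\\Windows\\System32\\svchost.exe flags=0x00000004
10:02:11.004 pid=3320 api=VirtualAllocEx target=4104 size=0x9a000 protect=0x40
10:02:11.009 pid=3320 api=WriteProcessMemory target=4104 size=0x9a000
10:02:11.012 pid=3320 api=SetThreadContext target=4104
10:02:11.013 pid=3320 api=ResumeThread target=4104
10:02:30.500 pid=5000 api=CreateProcessW target=5012 image=C:\\Windows\\System32\\notepad.exe flags=0x00000004
10:02:30.600 pid=5000 api=ResumeThread target=5012
10:02:40.000 pid=6100 api=GetThreadContext target=6100
10:02:40.001 pid=6100 api=SetThreadContext target=6100
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) api=(?P<api>\w+) target=(?P<target>\d+)(?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_trace(text):
    """Yield one dict per well-formed trace line; extra key=value pairs are kept."""
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        ev = {"ts": m["ts"], "pid": int(m["pid"]), "api": m["api"], "target": int(m["target"])}
        ev.update(KV_RE.findall(m["rest"]))
        yield ev


def detect_hollowing(text):
    """Return one alert per (caller, target) pair that completes STAGES in order."""
    progress = defaultdict(int)  # (caller, target) -> index of the next expected stage
    images = {}
    alerts = []
    for ev in parse_trace(text):
        key = (ev["pid"], ev["target"])
        if ev["api"] == "CreateProcessW":
            # Only a suspended start opens a chain; a normal start resets it.
            flags = int(ev.get("flags", "0"), 16)
            progress[key] = 1 if flags & CREATE_SUSPENDED else 0
            images[key] = ev.get("image")
            continue
        idx = progress[key]
        if idx and idx < len(STAGES) and ev["api"] == STAGES[idx]:
            progress[key] = idx + 1
            if progress[key] == len(STAGES):
                alerts.append(
                    {"ts": ev["ts"], "caller": key[0], "target": key[1], "image": images.get(key)}
                )
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(SAMPLE_TRACE):
        print(f"{alert['ts']} pid {alert['caller']} hollowed pid {alert['target']} ({alert['image']})")
```

Keying the state on the (caller, target) pair rather than on the caller alone matters for loaders of this kind: an AutoIt wrapper that spawns a legitimate child and injects the .NET payload into it produces exactly one completed chain, while the same wrapper starting a helper suspended and simply resuming it never gets past the first stage.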