General
Target: TK956880-VBJ0OU836U-L46HIJE5678I.7z
Size: 630KB
Sample: 241119-rqhp2axbjg
MD5: 347b4ada93702e802fadea11e8e93fe1
SHA1: 2a1480b9bad1d9cc4613534e2f81cfc271a926ed
SHA256: 02f49fcdf44578e0e96d09ce05d18bccdf45caa9824494482db4afea6018db00
SHA512: c86031946b3d9be033b1d578a6df95854b8feee540ce8d4aaf8493f74ed614e50da0605d20352041df1d0e1aeb1a8ac74aff5f1184182e6f16adaeb25ff92166
SSDEEP: 12288:PPyjqhZ8eoeDsQN8nueyknueOPehgxXo/RvWuacjcxIgmufy/hO9WzZBnS:PPbTnoeDsQN8ueVnP0e24/4OcxbmufSe
Static task
static1
Behavioral task
behavioral1
Sample: TK956880-VBJ0OU836U-L46HIJE5678I.exe
Resource: win7-20241023-en
Behavioral task
behavioral2
Sample: TK956880-VBJ0OU836U-L46HIJE5678I.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: QBD{3zf.F+2F
Email To: [email protected]
Targets
Target: TK956880-VBJ0OU836U-L46HIJE5678I.exe
Size: 1.0MB
MD5: e2f9a719723b646d171ae8dae18348a8
SHA1: da37711b0a42325756ae57ecf8beb46ba8881f86
SHA256: cb81d8d4d0fac4ef80f49fdb82ec25881c299ecc0167e0665d4b91c5a62a86be
SHA512: 60ec3365e424fb5d4a658d682fd5c7f4ede93f827a19e35c2677671493a92c8f8296be575b1667381add161cade5c0a723a4c1cc2ff9d354fe7f821c01e991fd
SSDEEP: 24576:Ntb20pkaCqT5TBWgNQ7aMpOcVb4ujSQI8TlG6A:+Vg5tQ7aMpOcV8PQpU5
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET; this sample exfiltrates over SMTP using the mail server, port and credentials in the extracted config above.
Agenttesla family
Suspicious use of SetThreadContext (SetThreadContext on a thread of another process is a common step in process hollowing and other code-injection techniques)
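The extracted SMTP configuration and the reported hashes are what a responder hunts on. The following is an added example written for this page; it is not part of the sandbox report and not code from the sample. It parses the config block in the wrapped form the report shows (the mailbox is redacted on the page, so the host is the only usable network indicator), emits Suricata rules for the exfiltration server, and checks a file's SHA256 against the two values reported above. The sid range and the assumption that the TLS SNI rule fires after the SMTP STARTTLS upgrade are the editor's and are flagged in the code.

```python
"""Editor's added example: turn this report's extracted AgentTesla SMTP config and
reported hashes into hunting artifacts. Not part of the sandbox report or the sample."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Constructed input: the extracted config exactly as the report renders it
# (' - ' field separators, records wrapping mid-line, the mailbox redacted as
# '[email protected]' by the page, and the first separator malformed as 'smtp- Host:').
RAW_CONFIG = """Protocol: smtp- Host:
mail.worlorderbillions.top - Port:
587 - Username:
[email protected] - Password:
QBD{3zf.F+2F - Email To:
[email protected]"""

# SHA256 values reported on this page for the archive and the executable inside it.
REPORTED_SHA256 = {
    "02f49fcdf44578e0e96d09ce05d18bccdf45caa9824494482db4afea6018db00": "TK956880-VBJ0OU836U-L46HIJE5678I.7z",
    "cb81d8d4d0fac4ef80f49fdb82ec25881c299ecc0167e0665d4b91c5a62a86be": "TK956880-VBJ0OU836U-L46HIJE5678I.exe",
}


@dataclass(frozen=True)
class AgentTeslaSmtpConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: str


# A field label is one or two capitalised words followed by ':'. Split only on a dash
# that is directly followed by such a label, so dashes inside values are preserved.
_FIELD_SEP = re.compile(r"\s*-\s+(?=[A-Z][A-Za-z ]*:)")


def parse_extracted_config(raw: str) -> AgentTeslaSmtpConfig:
    """Rebuild the wrapped report block into a typed config record."""
    flat = " ".join(line.strip() for line in raw.splitlines())
    fields: dict[str, str] = {}
    for record in _FIELD_SEP.split(flat):
        label, sep, value = record.partition(":")
        if not sep:
            raise ValueError(f"malformed record: {record!r}")
        fields[label.strip().lower().replace(" ", "_")] = value.strip()
    return AgentTeslaSmtpConfig(
        protocol=fields["protocol"],
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
        email_to=fields["email_to"],
    )


def suricata_rules(cfg: AgentTeslaSmtpConfig, base_sid: int = 9000000) -> list[str]:
    """Suricata rules keyed on the exfil mail server. The sid range is an assumed
    placeholder; the second rule assumes Suricata's SMTP parser hands the flow to
    the TLS parser after STARTTLS on the configured port (verify in your version)."""
    msg = f"AgentTesla SMTP exfil host {cfg.host}"
    return [
        f'alert dns $HOME_NET any -> any any (msg:"{msg} (DNS)"; dns.query; '
        f'content:"{cfg.host}"; nocase; endswith; sid:{base_sid}; rev:1;)',
        f'alert tls $HOME_NET any -> any {cfg.port} (msg:"{msg} (STARTTLS SNI)"; '
        f'flow:established,to_server; tls.sni; content:"{cfg.host}"; nocase; '
        f'sid:{base_sid + 1}; rev:1;)',
    ]


def identify_sample(data: bytes) -> str | None:
    """Return the reported file name if `data` hashes to one of the page's artifacts."""
    return REPORTED_SHA256.get(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    cfg = parse_extracted_config(RAW_CONFIG)
    print(cfg)
    print("\n".join(suricata_rules(cfg)))
    print(identify_sample(b"not the sample"))
```

The splitter keys on the label that follows each dash rather than on the dash itself, which is why the malformed `smtp- Host:` boundary and any dash inside a password survive; a value that itself contained a capitalised word followed by a colon would need a stricter label list.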