General
-
Target
9ebb6978d40e7e5870ee40d426ccc6cf7eff686b5d95375399c6d15388067f0d
-
Size
7.1MB
-
Sample
241120-bywzmayamj
-
MD5
9b2c361b77d2a5198602a24b473b506a
-
SHA1
01a4beda7991a7d5ad9717e25e3d47d219dec1f9
-
SHA256
9ebb6978d40e7e5870ee40d426ccc6cf7eff686b5d95375399c6d15388067f0d
-
SHA512
3fb44a807dc6bc1aaf97f7a39b06a870d1f8d19429cd699b1839ee4233d1267ab3fac535255b49d07d32937e79df888c1e75c52a725405b416ed99236465741e
-
SSDEEP
98304:YlaHVJHFOv9GJ6RiiOPriSL+pMI6cNKu4X2XfQ9rr6YrxV:ZHzFOvcOS0MRcNz4mI9qYtV
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.santonswitchgears.com - Port:
587 - Username:
[email protected] - Password:
cJPF@$I3 - Email To:
[email protected]
Targets
-
-
Target
9ebb6978d40e7e5870ee40d426ccc6cf7eff686b5d95375399c6d15388067f0d
-
Size
7.1MB
-
MD5
9b2c361b77d2a5198602a24b473b506a
-
SHA1
01a4beda7991a7d5ad9717e25e3d47d219dec1f9
-
SHA256
9ebb6978d40e7e5870ee40d426ccc6cf7eff686b5d95375399c6d15388067f0d
-
SHA512
3fb44a807dc6bc1aaf97f7a39b06a870d1f8d19429cd699b1839ee4233d1267ab3fac535255b49d07d32937e79df888c1e75c52a725405b416ed99236465741e
-
SSDEEP
98304:YlaHVJHFOv9GJ6RiiOPriSL+pMI6cNKu4X2XfQ9rr6YrxV:ZHzFOvcOS0MRcNz4mI9qYtV
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-