General
-
Target
a24d7b216f16834bf16c13bf1957ffdac993efaabe992fc89b2658e7dbf90442.exe
-
Size
77.0MB
-
Sample
241120-p3gbmawhlb
-
MD5
02b9c46d93e128f6f02221b8e6802531
-
SHA1
9d61d3c3c33cfce26064eaba1296a024aa0facac
-
SHA256
a24d7b216f16834bf16c13bf1957ffdac993efaabe992fc89b2658e7dbf90442
-
SHA512
b1c520ee401eb0737cfe379582da688aa59189c0f0259e24708f002df30b30470bc55b66c4765726b2604db4a5cd92c81fba7bb460bd7f65f08f6f089b490eca
-
SSDEEP
24576:ffmMv6Ckr7Mny5QL+zSuTvzGwS0nzIKFI8r5Bb:f3v+7/5QL+zZvYCFbr5h
Malware Config
Extracted
Protocol: smtp- Host:
mail.flujoauditorias.cl - Port:
587 - Username:
[email protected] - Password:
l;0jGu7J;z_a
Extracted
agenttesla
Protocol: smtp- Host:
mail.flujoauditorias.cl - Port:
587 - Username:
[email protected] - Password:
l;0jGu7J;z_a - Email To:
[email protected]
Targets
-
-
Target
a24d7b216f16834bf16c13bf1957ffdac993efaabe992fc89b2658e7dbf90442.exe
-
Size
77.0MB
-
MD5
02b9c46d93e128f6f02221b8e6802531
-
SHA1
9d61d3c3c33cfce26064eaba1296a024aa0facac
-
SHA256
a24d7b216f16834bf16c13bf1957ffdac993efaabe992fc89b2658e7dbf90442
-
SHA512
b1c520ee401eb0737cfe379582da688aa59189c0f0259e24708f002df30b30470bc55b66c4765726b2604db4a5cd92c81fba7bb460bd7f65f08f6f089b490eca
-
SSDEEP
24576:ffmMv6Ckr7Mny5QL+zSuTvzGwS0nzIKFI8r5Bb:f3v+7/5QL+zZvYCFbr5h
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-