General
-
Target
cded71748f0c3329dedffd3480c06b1e2d4a6de041fb8f57d79c0804a13c66c6.exe
-
Size
459KB
-
Sample
241120-x4v56s1rcs
-
MD5
f3479cfbca6b45b517fd0fa008c808c2
-
SHA1
eb0652dcd03ed1a37680d2bc9fcb1952dce3a056
-
SHA256
cded71748f0c3329dedffd3480c06b1e2d4a6de041fb8f57d79c0804a13c66c6
-
SHA512
3c512ee62d1b21d03550a013003d210a099abcb1639bd8087555d339d0475881f15e102ef31b59552cb42cc250c3bc182812d4a6f75929a2f4df81cee4259a8e
-
SSDEEP
12288:peDy4DNVdtaMGWWVJtt/sooIcXwHQSG1hQjYZIgN4DVZdc8J:p8Dd31qC4cXwwSGbjWP
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
project2021blessing
Targets
-
-
Target
cded71748f0c3329dedffd3480c06b1e2d4a6de041fb8f57d79c0804a13c66c6.exe
-
Size
459KB
-
MD5
f3479cfbca6b45b517fd0fa008c808c2
-
SHA1
eb0652dcd03ed1a37680d2bc9fcb1952dce3a056
-
SHA256
cded71748f0c3329dedffd3480c06b1e2d4a6de041fb8f57d79c0804a13c66c6
-
SHA512
3c512ee62d1b21d03550a013003d210a099abcb1639bd8087555d339d0475881f15e102ef31b59552cb42cc250c3bc182812d4a6f75929a2f4df81cee4259a8e
-
SSDEEP
12288:peDy4DNVdtaMGWWVJtt/sooIcXwHQSG1hQjYZIgN4DVZdc8J:p8Dd31qC4cXwwSGbjWP
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Drops file in Drivers directory
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-