General
-
Target
88d2ff6559451f67b09315c9f9aa72429838138faf78f7ecfd3d4981384336dd
-
Size
555KB
-
Sample
241122-bftrjs1lcw
-
MD5
c6a8ddb5b5a12f20f84a13402fc9df70
-
SHA1
7b8898e33c3e5bf4b950af26e4d713b4ceb06b62
-
SHA256
88d2ff6559451f67b09315c9f9aa72429838138faf78f7ecfd3d4981384336dd
-
SHA512
b7bfc8472c664b5f401d0c7450ba7a323709d1cd53c02ea6a3646a1e40d4290e800f9f5b79b0b6f0056467629b2770354caeaf055ecaefa5c01360c1b34c4ed1
-
SSDEEP
12288:3KMgxPa+SwEyw7t550QsbSlLhXMXohZnP0qShKCmRFWGcn:ahjOyw7v5gS1XKohZ8PwWdn
Static task
static1
Behavioral task
behavioral1
Sample
Pago_FCT89079804578_00O67832678VE7.exe
Resource
win7-20241010-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp8nl.hyperhost.ua
Port: 587
Username: [email protected]
Password: cy+G_(979n9N
Email To: [email protected]
Targets
-
Target
Pago_FCT89079804578_00O67832678VE7.exe
-
Size
100.0MB
-
MD5
a7162e86e40c03d06052a54947dfd6a2
-
SHA1
2c238c1f58dc7f8b1fb578d353645478ff172436
-
SHA256
84dc3812c80a0c6137412e8aab999d00060d18ebd1646d1bacae3970978ebdc3
-
SHA512
7356135405cd5ec95fb7f9024011a445cea5754510681d84a4991be74c2397c4f3ac3910c0d04eabea3c404c3dc04a6a601eef9df4ea54634f5d3da62775d2a2
-
SSDEEP
24576:ttb20pkaCqT5TBWgNQ7a5wsJhcNz0on6A:eVg5tQ7a5RhcNAO5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
Suspicious use of SetThreadContext