General
Target: c3ec7ac4cce04811706705acb4c0716d1b009be749b85705d07acf82e55ab308
Size: 880KB
Sample: 241124-bg3e3swmbz
MD5: 638b6180d94923c159b49c1d3225e635
SHA1: 8191ef17f47505070286a1c46058ff2d247a3fc6
SHA256: c3ec7ac4cce04811706705acb4c0716d1b009be749b85705d07acf82e55ab308
SHA512: ab82c14d9b87b71adcd53d9f686752694a7c4d2b6b96e0135a1921c0b2a779da38f09e67e947be921b5c6e48bdb8acba5fddd70a33ead9823e21aaccce6d84b8
SSDEEP: 12288:pYA6tgpBhpj670qFNGrVmWKybvjIVbg/okXUM3O1b13gCQDL5IxNbToBfATE5:p4gFpu7dNgXRvZ5n3O1R45+oBfATE
Static task: static1
Behavioral task: behavioral1
Sample: c3ec7ac4cce04811706705acb4c0716d1b009be749b85705d07acf82e55ab308.exe
Resource: win7-20241010-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.sajbh.com
Port: 587
Username: [email protected]
Password: Saj@2014
Email To: [email protected]
Targets
Target: c3ec7ac4cce04811706705acb4c0716d1b009be749b85705d07acf82e55ab308
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
AgentTesla payload
Suspicious use of SetThreadContext