General
-
Target
38dd40f513a27976db801977902758d84e4c46cf7f0386c26d250bf0db2c3a82
-
Size
543KB
-
Sample
241211-bkhj3sykav
-
MD5
cf383e540df0d4379bc52e0cdefc815c
-
SHA1
11ff8d381969d79b3e00729849a026d3daaa4dde
-
SHA256
38dd40f513a27976db801977902758d84e4c46cf7f0386c26d250bf0db2c3a82
-
SHA512
68c931b2e00744083ff9434e0111b6a66c608b2261681c9287642fcd363932378eaaecf2b82512bf059fdba481f15ef31182d6de0d91a862fb96f629809a8561
-
SSDEEP
6144:TI3qGNpibk9t+DIF/LCC4ujptxGAcwWekdDORenxuGgPkCCju97FT4oIU5nKx0dI:l8AsT1htK1OReDqJVFDn1dsb246xLwaA
Malware Config
Extracted
Protocol: smtp- Host:
mail.alltoursegypt.com - Port:
587 - Username:
[email protected] - Password:
OPldome23#12klein
Extracted
agenttesla
Protocol: smtp- Host:
mail.alltoursegypt.com - Port:
587 - Username:
[email protected] - Password:
OPldome23#12klein - Email To:
[email protected]
Targets
-
-
Target
64279`0872110.exe
-
Size
1.0MB
-
MD5
66f4aeb652dd6200d3c4187fafa4c513
-
SHA1
7fa99028b1d94aeea86df8aeb28a4e68ffb3f962
-
SHA256
1c4ab8825d4ecf2599100b4ae7ef3c22dce95952e6f8c9891fb8a35bc3ff1e86
-
SHA512
723d13c8fa3a103bb37b7d449046cdf505cbd2333ccd3811dc5e0c862491fe82fdb8dbe4c26105883e6f646d6bc048d2ece17417e69bbda3460ef2f1c9ebaac2
-
SSDEEP
24576:eu6J33O0c+JY5UZ+XC0kGso6FawmVCOHdloLWY:wu0c++OCvkGs9FawmVCOHTY
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-