General
-
Target
f86e4a8e2c8db288f490970fcc4cb8c03b49526693c3e8f06f05630cf1b773d6
-
Size
1.0MB
-
Sample
241222-bm7lzsxldy
-
MD5
61e5585819a9cd0874506aeeab1a0fe1
-
SHA1
1a810e6644bea516f00494871b7e7ee2e6712bcc
-
SHA256
f86e4a8e2c8db288f490970fcc4cb8c03b49526693c3e8f06f05630cf1b773d6
-
SHA512
38d259606c1b7118eb98ce1c7205425f99618fef4625ab02e9e51650ae87b3b793193043508cca9e7a498dd496775e0b0c7f1ac2f50c7be34950a81ce8f45e53
-
SSDEEP
24576:LdpejMfF/RSpCDCL8u+BIdTTscMT4YPTI74znWL2RxFZiigi05v0o1:qIf+02/+eZ7cnZDiiQv0W
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
162.254.34.31 - Port:
587 - Username:
[email protected] - Password:
1qpxxBP5AbHZ - Email To:
[email protected]
Targets
-
-
Target
f86e4a8e2c8db288f490970fcc4cb8c03b49526693c3e8f06f05630cf1b773d6
-
Size
1.0MB
-
MD5
61e5585819a9cd0874506aeeab1a0fe1
-
SHA1
1a810e6644bea516f00494871b7e7ee2e6712bcc
-
SHA256
f86e4a8e2c8db288f490970fcc4cb8c03b49526693c3e8f06f05630cf1b773d6
-
SHA512
38d259606c1b7118eb98ce1c7205425f99618fef4625ab02e9e51650ae87b3b793193043508cca9e7a498dd496775e0b0c7f1ac2f50c7be34950a81ce8f45e53
-
SSDEEP
24576:LdpejMfF/RSpCDCL8u+BIdTTscMT4YPTI74znWL2RxFZiigi05v0o1:qIf+02/+eZ7cnZDiiQv0W
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-