General
- Target: 775a59d8a179f2af9729fc1b90fbb6753627dbfcb311f34c25bbd82b852e0741
- Size: 29KB
- Sample: 241229-bgghlsxpdl
- MD5: 4021659edbc7bacc6bcbda2675d35b41
- SHA1: d0c282f43cdc71c80f9a267d1fec97c303c92f52
- SHA256: 775a59d8a179f2af9729fc1b90fbb6753627dbfcb311f34c25bbd82b852e0741
- SHA512: d13ad42054cd9eb416a5f430ee4091c23470ead3dc60f55dfafdb3ee1e42adc64cc92738021ee441be9412f4b68c995e690f78a4be8982adf9ac7f3731fcdfd4
- SSDEEP: 192:aKlVAf8427ZaO7qyybgJzWgOXaAUwlfBC04sxxDfjJFQ77bhei3i64m/zH:aEdzqg5GKhwlJCXOxFm7bhCm/zH
Static task
static1
Behavioral task
behavioral1
Sample
775a59d8a179f2af9729fc1b90fbb6753627dbfcb311f34c25bbd82b852e0741.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: 162.254.34.31
- Port: 587
- Username: [email protected]
- Password: 1qpxxBP5AbHZ
- Email To: [email protected]
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext