General
-
Target
acdc94bfa9599ba2b2076182d59767b0d0ea32089996e15150b2dadf3a53b6dd
-
Size
150KB
-
Sample
241229-bgjyqsxmgz
-
MD5
37cb3e4dbe27699672152a57538018c1
-
SHA1
629282e5dbc1fc6f457a5eb329247471af6c0fa1
-
SHA256
acdc94bfa9599ba2b2076182d59767b0d0ea32089996e15150b2dadf3a53b6dd
-
SHA512
24196125c148ecdba135560cf5e5c723480930a9710c9612cfa8747192ee267dcde04bcd0b985759a5fa2b2abf1b0a86afa6bef8d49392aea8cac14e2237342b
-
SSDEEP
1536:33jkxWXHAxy/11yYIWCPA7mWowboBveY6ni0cXHmp3cY0L5S1zJjTK6XiFZKj:Hj7Xgy/11yJvWnoBm5Qq3chdgzJjG62M
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
162.254.34.31 - Port:
587 - Username:
[email protected] - Password:
1qpxxBP5AbHZ - Email To:
[email protected]
Targets
-
-
Target
acdc94bfa9599ba2b2076182d59767b0d0ea32089996e15150b2dadf3a53b6dd
-
Size
150KB
-
MD5
37cb3e4dbe27699672152a57538018c1
-
SHA1
629282e5dbc1fc6f457a5eb329247471af6c0fa1
-
SHA256
acdc94bfa9599ba2b2076182d59767b0d0ea32089996e15150b2dadf3a53b6dd
-
SHA512
24196125c148ecdba135560cf5e5c723480930a9710c9612cfa8747192ee267dcde04bcd0b985759a5fa2b2abf1b0a86afa6bef8d49392aea8cac14e2237342b
-
SSDEEP
1536:33jkxWXHAxy/11yYIWCPA7mWowboBveY6ni0cXHmp3cY0L5S1zJjTK6XiFZKj:Hj7Xgy/11yJvWnoBm5Qq3chdgzJjG62M
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-