General
-
Target
8B0DC82EAC367CB3F0987F8E74424C70172208186EBF8DFE201448D206BFBDA2
-
Size
1010KB
-
Sample
250103-jn1h3axpbn
-
MD5
c8302bcbf9ddc5036210328b51baf360
-
SHA1
25fc566c7dc14fe9f19cd12d73ac30c2dfb357aa
-
SHA256
8b0dc82eac367cb3f0987f8e74424c70172208186ebf8dfe201448d206bfbda2
-
SHA512
5ca5e62b998052c8d147dc83cb95bc17519897a425dd40bd9bb22fbf78b1ac337ba3846d6a02e831880ae444ec2a2b99c091b060b7f14fb34c7cfe1caaec68d7
-
SSDEEP
24576:ttb20pkaCqT5TBWgNQ7al7gU3Vcw6nYpLIJW6A:eVg5tQ7alsU3mZniLII5
Static task
static1
Behavioral task
behavioral1
Sample
8B0DC82EAC367CB3F0987F8E74424C70172208186EBF8DFE201448D206BFBDA2.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.wasstech.com
Port: 587
Username: [email protected]
Password: Sunray2700@@
Email To: [email protected]
Targets
-
-
Target
8B0DC82EAC367CB3F0987F8E74424C70172208186EBF8DFE201448D206BFBDA2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-