General
Target: f5aee285a15220c811ec857d5465162dbaff9699b2ad4aa5b17dbc7e8158e223
Size: 1.1MB
Sample: 250108-syya5axkel
MD5: bbba8cf191e975cdd0f0659a1594a13d
SHA1: be1f028b9d564a026d45d2ffc77817d8278353f5
SHA256: f5aee285a15220c811ec857d5465162dbaff9699b2ad4aa5b17dbc7e8158e223
SHA512: f2282b0302bc16728c65e8a4dd700036f8fadabf59b595d4e77c51691c95ec5d770892cddd905fba102478ffca3bb7f7100266dab881daf5e7140ec7ed9ee06d
SSDEEP: 24576:XqDEvCTbMWu7rQYlBQcBiT6rprG8aftK49Hx+:XTvC/MTQYxsWR7af44Vx

Static task: static1
Behavioral task: behavioral1
Sample: f5aee285a15220c811ec857d5465162dbaff9699b2ad4aa5b17dbc7e8158e223.exe
Resource: win7-20240903-en
Malware Config
Extracted
Protocol: smtp
Host: mail.alltoursegypt.com
Port: 587
Username: [email protected]
Password: OPldome23#12klein

Extracted: agenttesla
Protocol: smtp
Host: mail.alltoursegypt.com
Port: 587
Username: [email protected]
Password: OPldome23#12klein
Email To: [email protected]

Note: the sender and recipient mailbox addresses appear only as the placeholder "[email protected]" in this copy of the report, so the actual addresses are not recoverable from it; the host, port and password are as extracted.
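The extracted SMTP configuration is the actionable part of this report. The following is an added example, not code from the report, from Triage or from Agent Tesla: it parses the extracted block in the flattened form it has on this page, derives network indicators from it, and runs them over constructed mail-proxy log lines in a simplified tab-separated schema assumed for the example. The mailbox addresses are redacted here as "[email protected]", so that placeholder is carried through unchanged rather than guessed.

```python
"""Turn the Agent Tesla SMTP configuration from the report into a detection check.

Added example; not part of the sandbox report and not Agent Tesla or Triage
code. parse_config() accepts the 'Extracted' block exactly as it is flattened
in the report, indicators() lifts the network-facing fields out of it, and
scan_smtp_log() applies them to mail-proxy log lines. The log schema and the
log lines are constructed for this example; the mailbox addresses are redacted
in the report as '[email protected]' and that placeholder is used as-is.
"""
import re

# The family-attributed extraction, copied from the report with its line breaks.
REPORT_CONFIG = """Extracted
agenttesla
Protocol: smtp- Host:
mail.alltoursegypt.com - Port:
587 - Username:
[email protected] - Password:
OPldome23#12klein - Email To:
[email protected]
"""

# Field labels the extractor emits; the flattened text separates fields with
# a dash immediately before the next label, so split on exactly that.
KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
SPLIT_RE = re.compile(r"\s*-\s*(?=(?:%s):)" % "|".join(KEYS))


def parse_config(text):
    """Return the config as {label: value}, tolerant of the report's line wrapping."""
    body = " ".join(text.split())          # collapse wrapped lines into one
    body = body[body.find("Protocol:"):]   # drop the "Extracted agenttesla" header
    fields = {}
    for chunk in SPLIT_RE.split(body):
        label, _, value = chunk.partition(":")
        fields[label.strip()] = value.strip()
    return fields


def indicators(cfg):
    """The fields worth matching on the wire or in mail logs."""
    return {
        "smtp_host": cfg["Host"].lower(),
        "smtp_port": int(cfg["Port"]),
        "smtp_user": cfg["Username"],
        "exfil_rcpt": cfg["Email To"],
    }


# Constructed mail-proxy log (tab-separated, simplified schema assumed here).
# Only a proxy that terminates TLS would see auth_user/mailfrom/rcptto; the
# third line shows what a passive sensor records for the same kind of session.
SMTP_LOG = """\
ts\tsrc\tdst_host\tdst_port\tauth_user\tmailfrom\trcptto
2025-01-08T10:12:01Z\t10.0.0.5\tsmtp.office365.com\t587\talice@example.com\talice@example.com\tbob@example.com
2025-01-08T10:14:33Z\t10.0.0.9\tmail.alltoursegypt.com\t587\t[email protected]\t[email protected]\t[email protected]
2025-01-08T10:15:02Z\t10.0.0.9\tmail.alltoursegypt.com\t587\t-\t-\t-
"""


def scan_smtp_log(log_text, ioc):
    """Return (ts, src, [reasons]) for every log row touching the exfil config."""
    rows = [line.split("\t") for line in log_text.strip().splitlines()]
    header, rows = rows[0], rows[1:]
    hits = []
    for row in rows:
        rec = dict(zip(header, row))
        reasons = []
        if rec["dst_host"].lower() == ioc["smtp_host"] and int(rec["dst_port"]) == ioc["smtp_port"]:
            reasons.append("c2_smtp_server")      # visible even under STARTTLS
        if rec["auth_user"] == ioc["smtp_user"]:
            reasons.append("exfil_account")       # needs TLS termination to see
        if rec["rcptto"] == ioc["exfil_rcpt"]:
            reasons.append("exfil_recipient")
        if reasons:
            hits.append((rec["ts"], rec["src"], reasons))
    return hits


if __name__ == "__main__":
    ioc = indicators(parse_config(REPORT_CONFIG))
    for ts, src, reasons in scan_smtp_log(SMTP_LOG, ioc):
        print(ts, src, ",".join(reasons))
```

Running it prints the two constructed sessions to mail.alltoursegypt.com:587 and the reason each matched. The third line shows the practical limit: on port 587 the client normally upgrades to TLS with STARTTLS after connecting, so a passive sensor sees only the destination host and port (and the DNS query that precedes them), while the login name and recipient are visible only where mail traffic is terminated or inspected. The credential belongs to the attacker's drop mailbox; it is an indicator to block and to report to the host's operator, not one to reuse.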
Targets
Target: f5aee285a15220c811ec857d5465162dbaff9699b2ad4aa5b17dbc7e8158e223
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests credentials and keystrokes from the infected host and exfiltrates them over SMTP, FTP or HTTP; this sample's configuration uses SMTP.

Agenttesla family

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The report does not identify which service this sample queried.

Suspicious use of SetThreadContext
Setting the context of another thread is the step at which process hollowing (RunPE) and similar injection techniques redirect a suspended process to attacker-supplied code. The report flags the API use but does not identify the target process.