General
- Target: 0c8117599f256ad39f13b4ed9b5271174c073e94047ed3acf8ef809d2812ae9a.exe
- Size: 1.1MB
- Sample: 250111-cpzjtsymgz
- MD5: be84cfd73eda412a79eb13ffa896a702
- SHA1: 992ccd119d7b8d6dc9771d708aa809414496e2ff
- SHA256: 0c8117599f256ad39f13b4ed9b5271174c073e94047ed3acf8ef809d2812ae9a
- SHA512: 2bb102e7aaa9cc0832cafbf4dd54aaf5fb18ae4986af6a6723527a1b2f53d0cab9d4fa27a913a5e05d2468dbca4536979c96ab17c043bbb7a739ec01c88d6543
- SSDEEP: 24576:WfmMv6Ckr7Mny5QKE2G0xXetum3IkD13K:W3v+7/5QK7xut/3X6
Static task: static1
Behavioral task: behavioral1
- Sample: 0c8117599f256ad39f13b4ed9b5271174c073e94047ed3acf8ef809d2812ae9a.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.zoho.eu
- Port: 587
- Username: [email protected]
- Password: office12#
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.zoho.eu
- Port: 587
- Username: [email protected]
- Password: office12#
- Email To: [email protected]
Targets
- Target: 0c8117599f256ad39f13b4ed9b5271174c073e94047ed3acf8ef809d2812ae9a.exe
- Size: 1.1MB
- MD5: be84cfd73eda412a79eb13ffa896a702
- SHA1: 992ccd119d7b8d6dc9771d708aa809414496e2ff
- SHA256: 0c8117599f256ad39f13b4ed9b5271174c073e94047ed3acf8ef809d2812ae9a
- SHA512: 2bb102e7aaa9cc0832cafbf4dd54aaf5fb18ae4986af6a6723527a1b2f53d0cab9d4fa27a913a5e05d2468dbca4536979c96ab17c043bbb7a739ec01c88d6543
- SSDEEP: 24576:WfmMv6Ckr7Mny5QKE2G0xXetum3IkD13K:W3v+7/5QK7xut/3X6
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext