General
- Target: 337d1f05a3bf83d7a42309f5155edaa070c4ba7219cec3346d98631af0cfb4a5.exe
- Size: 103KB
- Sample: 250111-dc2zvszpcw
- MD5: d94c4aad05654b76b8b2624808355886
- SHA1: f3c7911d8834836c22d78da8ae22e790ccd1429d
- SHA256: 337d1f05a3bf83d7a42309f5155edaa070c4ba7219cec3346d98631af0cfb4a5
- SHA512: de80c7528d00e618a5071b93ccaf86cc697df6219f9e5adb4036aff163a9e87b88a461a8a36adecda1eebefd52d97630ac6d777c8c7a127759e2ea46938e0896
- SSDEEP: 768:79tVmtzb9+Os5hidy/vn61YPkAbBfmFdEugpWWF2zIV9XeS+ST6nkAv:BtVH7DidIkVFdvD0iIC/m8
Static task: static1
Behavioral task: behavioral1
- Sample: 337d1f05a3bf83d7a42309f5155edaa070c4ba7219cec3346d98631af0cfb4a5.exe
- Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: 162.254.34.31
- Port: 587
- Username: [email protected]
- Password: ABwuRZS5Mjh5
- Email To: [email protected]
Targets
- Target: 337d1f05a3bf83d7a42309f5155edaa070c4ba7219cec3346d98631af0cfb4a5.exe
- Size: 103KB
- MD5: d94c4aad05654b76b8b2624808355886
- SHA1: f3c7911d8834836c22d78da8ae22e790ccd1429d
- SHA256: 337d1f05a3bf83d7a42309f5155edaa070c4ba7219cec3346d98631af0cfb4a5
- SHA512: de80c7528d00e618a5071b93ccaf86cc697df6219f9e5adb4036aff163a9e87b88a461a8a36adecda1eebefd52d97630ac6d777c8c7a127759e2ea46938e0896
- SSDEEP: 768:79tVmtzb9+Os5hidy/vn61YPkAbBfmFdEugpWWF2zIV9XeS+ST6nkAv:BtVH7DidIkVFdvD0iIC/m8
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext