General
-
Target
3b593da5f678af89946aebb762ab465c627a4dea6942b1a134a22536fb9ec7b6.exe
-
Size
1.3MB
-
Sample
250114-cvqh4stpcv
-
MD5
253aa736dcd90caa801ba4aad9f0b7ce
-
SHA1
2545298c281e583269f7b24d2c20b9f176056fda
-
SHA256
3b593da5f678af89946aebb762ab465c627a4dea6942b1a134a22536fb9ec7b6
-
SHA512
204c654b51ac3f6e921648c755e8e20b7eb26066d0ff012d4fb9d974cfcaa0e2380c2aa8785ac578c88d41bee9780d77fe19b36a388ec9ad591702137f4386f4
-
SSDEEP
24576:uJc06N6kTdOUmt9HbygoY8VB5Lc4DYWktF1pGlwgUd0z+A:umoBl7oY8zVc4sWC1wl/UdvA
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.iaa-airferight.com - Port:
587 - Username:
[email protected] - Password:
webmaster - Email To:
[email protected]
Targets
-
-
Target
3b593da5f678af89946aebb762ab465c627a4dea6942b1a134a22536fb9ec7b6.exe
-
Size
1.3MB
-
MD5
253aa736dcd90caa801ba4aad9f0b7ce
-
SHA1
2545298c281e583269f7b24d2c20b9f176056fda
-
SHA256
3b593da5f678af89946aebb762ab465c627a4dea6942b1a134a22536fb9ec7b6
-
SHA512
204c654b51ac3f6e921648c755e8e20b7eb26066d0ff012d4fb9d974cfcaa0e2380c2aa8785ac578c88d41bee9780d77fe19b36a388ec9ad591702137f4386f4
-
SSDEEP
24576:uJc06N6kTdOUmt9HbygoY8VB5Lc4DYWktF1pGlwgUd0z+A:umoBl7oY8zVc4sWC1wl/UdvA
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-