General
Target: 0720b21aaad77b348c22412e05d26592ddd990fc9f4fc15d3a4ebcc367cb831c
Size: 72KB
Sample: 250115-bk8fhawjax
MD5: 931859934bfc8ee06890d1083655e809
SHA1: 76cb9714e3a8490de213d12af9659363b263f61f
SHA256: 0720b21aaad77b348c22412e05d26592ddd990fc9f4fc15d3a4ebcc367cb831c
SHA512: 45afb02e5fb8673104f828d8abfaafb39e9cd1f5e2d66ed5240790e9708a4efaf009f12d5c207fefcb0183e79a3d55043bfae2e7d05281a1cad445d339990269
SSDEEP: 1536:EBGx6CUjalmTPh2jVR/USJUPTgjNCYQ3cDGmFiCO:c86Ckwmb8jVR/USJUPT+NCj6Fi7

Static task: static1
Behavioral task: behavioral1
Sample: 0720b21aaad77b348c22412e05d26592ddd990fc9f4fc15d3a4ebcc367cb831c.exe
Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.iaa-airferight.com
Port: 587
Username: [email protected]
Password: manlikeyou88
Email To: [email protected]
Targets
Target: 0720b21aaad77b348c22412e05d26592ddd990fc9f4fc15d3a4ebcc367cb831c
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Suspicious use of NtCreateUserProcessOtherParentProcess
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Drops startup file
Suspicious use of SetThreadContext