General
Target: c644ca7f3f797ba602a1880f1cd49fc108ee0779fea2d8b8322d0d768e2182cd
Size: 656KB
Sample: 250115-bv61eswmbt
MD5: efb3a43b1cfbb0dc455f5d8d036533e8
SHA1: 23029a52473d45af3a61fbc6238fc9d9d9ee7750
SHA256: c644ca7f3f797ba602a1880f1cd49fc108ee0779fea2d8b8322d0d768e2182cd
SHA512: 55f45c57bcc25e090cafc4510db3e4a3f6cedc7909cfb7e44113487f93c69324899e1896eda4d96a0a2aebccd5b32369434633499f2f6bdcfcf0ccc9595170ca
SSDEEP: 12288:NnHUWMcIf66KKpbyvjx/YAvE1d2RVep12wKEd1tymIM7avW2Po8oJa2M5+N:B/McB5hOAy2Ropd31ImIM7avvPoFJS+N
Static task: static1
Behavioral task: behavioral1
Sample: SHIPPING DOCUMENTS.exe
Resource: win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.thelamalab.com
Port: 587
Username: [email protected]
Password: Thel@malab@20!9
Email To: [email protected]
Targets
Target: SHIPPING DOCUMENTS.exe
Size: 718KB
MD5: 189df4d886ce158af73e5b17e71a5855
SHA1: 21457dfa6c0bd2fc3c261fe37d86eb4e6ea9d61a
SHA256: 47a6d649b918a7a00365351a872563afacbb744a7c0e3f2daa2edffd91bd3a5a
SHA512: 1432ac6b5b3e0f0432e96b5e89cb90246d0395c0fef7eb2a0cea6c85f3b56c136f7d1563e781666330653fb3ddb9277744ef7342904437d5445daa5bb5c3d17f
SSDEEP: 12288:CfxYRxA4Y5lyA/BxSPCmkBbyT9x/GjvEN5229d5pX28sEd1tEmuMDadW2zywof++:3ReUSjC522v5p1N1mmuMDadvzyBz
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
Suspicious use of SetThreadContext
-