General
-
Target
DCV78I939025789245.scr.exe
-
Size
783KB
-
Sample
250115-t23wfszldr
-
MD5
97cf82806dd9456991840ee4c3cd9185
-
SHA1
f611d29307627e94ca584ed2f743846bdde37ab4
-
SHA256
7eaa48d7132470ee30d85752c4d699c2667ef54c3b8270b9a67d9bbc41021bf1
-
SHA512
d9aa8fae280c7b0ef342f7a9bf5c9c128ae0eb0e4199a25fbded9943be39650222bdc1af2b0b800193720ce259f86343eb2c07f577429b5d1cc520a17c8ed3f1
-
SSDEEP
12288:bfSYRxA4Y5lyA/BxSPC4sUBffSNXMajsOH7zjuFIkP0JhoaBHwj3yoplE1/6Bzla:BR3UNXMEvju+i0Jn5k/lE1/6tlNU
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.worlorderbillions.top - Port:
587 - Username:
[email protected] - Password:
QBD{3zf.F+2F - Email To:
[email protected]
Targets
-
-
Target
DCV78I939025789245.scr.exe
-
Size
783KB
-
MD5
97cf82806dd9456991840ee4c3cd9185
-
SHA1
f611d29307627e94ca584ed2f743846bdde37ab4
-
SHA256
7eaa48d7132470ee30d85752c4d699c2667ef54c3b8270b9a67d9bbc41021bf1
-
SHA512
d9aa8fae280c7b0ef342f7a9bf5c9c128ae0eb0e4199a25fbded9943be39650222bdc1af2b0b800193720ce259f86343eb2c07f577429b5d1cc520a17c8ed3f1
-
SSDEEP
12288:bfSYRxA4Y5lyA/BxSPC4sUBffSNXMajsOH7zjuFIkP0JhoaBHwj3yoplE1/6Bzla:BR3UNXMEvju+i0Jn5k/lE1/6tlNU
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Suspicious use of SetThreadContext
-