General
-
Target
86c67db74984b6ca858655a960405c0e0566c52cb1a7770dbcfc529dc906f3b1
-
Size
157KB
-
Sample
250117-bm6dxsxmas
-
MD5
66a039a52b73516c5a4a11b57877482a
-
SHA1
895f6c9fd75e7c6b4c8ea105c07d8b499231ca1a
-
SHA256
86c67db74984b6ca858655a960405c0e0566c52cb1a7770dbcfc529dc906f3b1
-
SHA512
d76bf6a14f2253af12c9485f0586c4d9ef5aa1ae686e82f50f5a67b934b123c301cb55d61d176b83e465be60807cc29dff58fe9dfc65eb8d4d4584af49927e52
-
SSDEEP
3072:Z1/gpqSTAQJAH+bllSadgUapnNxmvMA2ygGnCHwDx:X/gM1E5oIvZ2Zm
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
162.254.34.31 - Port:
587 - Username:
[email protected] - Password:
ABwuRZS5Mjh5 - Email To:
[email protected]
Targets
-
-
Target
IMG_10565703.exe
-
Size
425KB
-
MD5
6ac59cdf812e078404ced310c700a2d1
-
SHA1
cd655766af34c595a16fe232320349a39351e95b
-
SHA256
88f9a205f2b142304fe21997e0b0c06bf4d7b0277a9aff15d464aa3c332a3a33
-
SHA512
efb305af2a083d4b4137e2f87f37d26a1359f5eefeae61f1c0f422d5473b1d6c5c19f95751ce2d17fadb3656a51fd93d80d5ee7da74090c54a728230cb42b1ba
-
SSDEEP
6144:zCPXpKOghAzCyl96vNfrX+80jcBODVWKxpQP6Pq/9GjBr1:uXpC05l96lDXHA/xpRq/ojL
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-