General
-
Target
PO-ToolingCT240230231-CTA240714.com.exe
-
Size
46KB
-
Sample
250120-t5c47synbk
-
MD5
1f33b2b038c4d62ef89483a746f86012
-
SHA1
c54c6647703964e2dc01f11f44cdcb29a112be90
-
SHA256
a4eb8041e9e7013243bed5391a31c3bdd813bcc64f928a8778b80e7ca31778f9
-
SHA512
8dbd263e8d4e518f427f706d85867c21e5e146317fcb1a73e7191d03c8bff75654ece51dc2242aa43dc18bfb7387ed0330f12df7f45749e78dece3d510a9fa08
-
SSDEEP
768:mKT/nyl4QXU2+kCYU1qLn2uDf6s6i5MXAjWHRc9EB+Yhd9eYBcriEsO:DT/yl472ls15u6fxc9E9haYiCO
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.iaa-airferight.com - Port:
587 - Username:
[email protected] - Password:
manlikeyou88 - Email To:
[email protected]
Targets
-
-
Target
PO-ToolingCT240230231-CTA240714.com.exe
-
Size
46KB
-
MD5
1f33b2b038c4d62ef89483a746f86012
-
SHA1
c54c6647703964e2dc01f11f44cdcb29a112be90
-
SHA256
a4eb8041e9e7013243bed5391a31c3bdd813bcc64f928a8778b80e7ca31778f9
-
SHA512
8dbd263e8d4e518f427f706d85867c21e5e146317fcb1a73e7191d03c8bff75654ece51dc2242aa43dc18bfb7387ed0330f12df7f45749e78dece3d510a9fa08
-
SSDEEP
768:mKT/nyl4QXU2+kCYU1qLn2uDf6s6i5MXAjWHRc9EB+Yhd9eYBcriEsO:DT/yl472ls15u6fxc9E9haYiCO
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-