General
-
Target
32458cde90ad6c15c134b80ef0ab996d6a2cade3d91ca11f1004bc628532ef9f
-
Size
1.5MB
-
Sample
250123-bqbnqawmar
-
MD5
7e3902db8292fa63b9e02127b922729b
-
SHA1
85d5b4d8031bfc044e916dd389014653adba6084
-
SHA256
32458cde90ad6c15c134b80ef0ab996d6a2cade3d91ca11f1004bc628532ef9f
-
SHA512
2d49225a19e6c4ab4cdd5a64d9c5c2443c4de252f13be08ecf832f1a7adfd1d7f3072146fea4a5fd33b98713b8dd458a4c2ca765189313b753dd913f6fdb8e0c
-
SSDEEP
24576:cf343jiBIhZZBsNOHVj9tTA8yBq6u2SVoTsh7SenmQob43zMksGJM6oi+1q+:bUIhZZBsNOHVj9n49PTg7brKezBheU+
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.iaa-airferight.com - Port:
587 - Username:
[email protected] - Password:
webmaster - Email To:
[email protected]
Targets
-
-
Target
32458cde90ad6c15c134b80ef0ab996d6a2cade3d91ca11f1004bc628532ef9f
-
Size
1.5MB
-
MD5
7e3902db8292fa63b9e02127b922729b
-
SHA1
85d5b4d8031bfc044e916dd389014653adba6084
-
SHA256
32458cde90ad6c15c134b80ef0ab996d6a2cade3d91ca11f1004bc628532ef9f
-
SHA512
2d49225a19e6c4ab4cdd5a64d9c5c2443c4de252f13be08ecf832f1a7adfd1d7f3072146fea4a5fd33b98713b8dd458a4c2ca765189313b753dd913f6fdb8e0c
-
SSDEEP
24576:cf343jiBIhZZBsNOHVj9tTA8yBq6u2SVoTsh7SenmQob43zMksGJM6oi+1q+:bUIhZZBsNOHVj9n49PTg7brKezBheU+
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-