General
- Target: caf4b10a21b5f04dacde6d63508a7d37b7ae81d66a381e41be311c870d69a81b
- Size: 51KB
- Sample: 250124-bqafnatrak
- MD5: b590cc8881bf3f255800f14cedd0dd57
- SHA1: 19eb6694c13c1ad1be23d7425c2500c59090f30b
- SHA256: caf4b10a21b5f04dacde6d63508a7d37b7ae81d66a381e41be311c870d69a81b
- SHA512: 2a90a4ffb48a975d6c061cf618a23753f2b26082bb27e80567c09d16d1e87d104fe87ba0f18110ffe23858d758f689e62c155d8926ab824d644050d04621c233
- SSDEEP: 384:DQc7UaUMrg7ilYqCndq5I16MjSj67WBTk0BthfifTZ2GShq6ki2lKxiIiW1sQS+1:EEDrgsCKc0Bvfr7F2zInyQS+ST6nkC1
Static task: static1
Behavioral task: behavioral1
- Sample: caf4b10a21b5f04dacde6d63508a7d37b7ae81d66a381e41be311c870d69a81b.exe
- Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: 162.254.34.31
- Port: 587
- Username: [email protected]
- Password: 6RLYuUCIH8hN
- Email To: [email protected]
Targets
- Target: caf4b10a21b5f04dacde6d63508a7d37b7ae81d66a381e41be311c870d69a81b
- Size: 51KB
- MD5: b590cc8881bf3f255800f14cedd0dd57
- SHA1: 19eb6694c13c1ad1be23d7425c2500c59090f30b
- SHA256: caf4b10a21b5f04dacde6d63508a7d37b7ae81d66a381e41be311c870d69a81b
- SHA512: 2a90a4ffb48a975d6c061cf618a23753f2b26082bb27e80567c09d16d1e87d104fe87ba0f18110ffe23858d758f689e62c155d8926ab824d644050d04621c233
- SSDEEP: 384:DQc7UaUMrg7ilYqCndq5I16MjSj67WBTk0BthfifTZ2GShq6ki2lKxiIiW1sQS+1:EEDrgsCKc0Bvfr7F2zInyQS+ST6nkC1
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext