General
-
Target
13d3a1cdba937a0d1dcf706e85b320da66b2cc1ec1193839319511688847abbc.vbe
-
Size
8KB
-
Sample
250124-enx1qaymf1
-
MD5
608aa4b6781b5333f940f9d0a933313f
-
SHA1
72282fe231e6e43d0785188e5e8509ff9bd59b8c
-
SHA256
13d3a1cdba937a0d1dcf706e85b320da66b2cc1ec1193839319511688847abbc
-
SHA512
3dbf0e3538070a372adb492b771e8360b02f4f3c0cf09092493d0c9bf487eefb26a8ee3a468047f3f36b284f34325e21f6c77b7352ca9e38a20b53c092f2684c
-
SSDEEP
192:3eS9aNfePvTsC7kYna9INmRo4OCk01bB3K:tsmj7k4aaYRtOCLBa
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
162.254.34.31 - Port:
587 - Username:
[email protected] - Password:
M992uew1mw6Z - Email To:
[email protected]
Targets
-
-
Target
13d3a1cdba937a0d1dcf706e85b320da66b2cc1ec1193839319511688847abbc.vbe
-
Size
8KB
-
MD5
608aa4b6781b5333f940f9d0a933313f
-
SHA1
72282fe231e6e43d0785188e5e8509ff9bd59b8c
-
SHA256
13d3a1cdba937a0d1dcf706e85b320da66b2cc1ec1193839319511688847abbc
-
SHA512
3dbf0e3538070a372adb492b771e8360b02f4f3c0cf09092493d0c9bf487eefb26a8ee3a468047f3f36b284f34325e21f6c77b7352ca9e38a20b53c092f2684c
-
SSDEEP
192:3eS9aNfePvTsC7kYna9INmRo4OCk01bB3K:tsmj7k4aaYRtOCLBa
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-