General
-
Target
03032025_0628_REQUEST FOR DEMISTER- HOPPER SCALE AND CONVEYOR MACHINE.pdf.exe.iso
-
Size
1.1MB
-
Sample
250303-g74zgszq13
-
MD5
d07416c63c36dff101804e549a6298e7
-
SHA1
fcea176ee1908384afb826d1b1d9ca79f2b9c069
-
SHA256
e07a053e060ade739050f6ca9fe418e4bacda6e489cea2944d47ce457e28b217
-
SHA512
6ba95a609a3634c5b99adf565dcd3cf5f2d1ab4cb3b2d36df096ecf0d157b28381512c437f073d2d916326891e7f581f35037a5c20db598acdf3dc1eb8315e17
-
SSDEEP
24576:Eu6J33O0c+JY5UZ+XC0kGso6FajkiRFijUMaLFIWY:+u0c++OCvkGs9FajkiRFcUMaFY
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
graceofgod@amen - Email To:
[email protected]
Targets
-
-
Target
REQUEST FOR DEMISTER, HOPPER SCALE AND CONVEYOR MACHINE.pdf.exe
-
Size
1.0MB
-
MD5
3117e1fea82124f77a69bb235980a466
-
SHA1
6ec1f0dbee329f8b50b28e8db066ed16488dcf8d
-
SHA256
08bb478cb1a7ea9b27e688cb320cafd8d91073cb220d3f956b5c135a50d26c86
-
SHA512
07b927625a333f03aa034ae23e6fe702d4666cbdcbe1a0f05d42f94ace10141f7ad08cd998533342b6a1989469c6d6394673b92b3e4117131e80fd8ea1279524
-
SSDEEP
24576:Au6J33O0c+JY5UZ+XC0kGso6FajkiRFijUMaLFIWY:qu0c++OCvkGs9FajkiRFcUMaFY
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-