General

Target: 03032025_0815_02032025_Request Quotation for Industrial Crane.pdf.iso
Size: 1.1MB
Sample: 250303-wqy48svsgw
MD5: 2607f7d606258c013768b78391f8d797
SHA1: 80937afdce5e6419ced3db3810871338cba8278e
SHA256: fdded0f7ad8f2b30c020fe6943166fd576319565b553ed00122639458d4f57e6
SHA512: efa4c1b17bfbf645fb744a519e962f5c1f1156b262aba0ff6830b381527c50ff6bef48fc1192b9b398ddd223ccff43b48293346c6c0f6c83e015541ed60f9548
SSDEEP: 24576:8u6J33O0c+JY5UZ+XC0kGso6FajkiRFijUMaLFIWY:mu0c++OCvkGs9FajkiRFcUMaFY

Static task: static1
Behavioral task: behavioral1
Sample: Request Quotation for Industrial Crane.pdf.exe
Resource: win7-20240903-en

Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: graceofgod@amen
Email To: [email protected]
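The extracted config above gives the exfiltration channel (SMTP submission to smtp.yandex.ru on TCP 587), which is the most reliable network indicator in this report. The following is an added example, not part of the sandbox output: detection logic that runs over a constructed, simplified tab-separated connection log (timestamp, source, destination, destination port, protocol) and flags internal hosts that speak outbound SMTP without being an authorized mail relay, escalating when the destination matches the exfil host from the config. The log format and the relay allow-list are assumptions for the example.

```python
"""Flag AgentTesla-style SMTP exfiltration in a connection log.

Added example, not part of the sandbox report. The log lines and the
MAIL_RELAYS allow-list are constructed/assumed; only the exfil host and
port come from the report's extracted config.
"""
import ipaddress
from dataclasses import dataclass

# Exfil destination taken from the extracted AgentTesla config.
EXFIL_HOSTS = {"smtp.yandex.ru"}
# Mail submission / relay ports: any of them from a workstation is suspicious.
SUBMISSION_PORTS = {25, 465, 587}
# Assumption: only these internal hosts are expected to send mail directly.
MAIL_RELAYS = {"10.0.0.25"}

# Constructed sample log lines (not taken from the report).
# Fields: ts, src, dst, dport, proto, tab-separated.
SAMPLE_LOG = """\
2025-03-03T08:15:02Z\t10.0.5.17\tsmtp.yandex.ru\t587\ttcp
2025-03-03T08:15:09Z\t10.0.0.25\tmx.example.net\t25\ttcp
2025-03-03T08:16:30Z\t10.0.5.17\tcdn.example.com\t443\ttcp
2025-03-03T08:17:01Z\t10.0.5.42\tmail.example.org\t465\ttcp
"""


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    dport: int
    severity: str


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, src, dst, dport, proto = line.rstrip("\n").split("\t")
    return ts, src, dst, int(dport), proto


def is_internal(ip):
    """True for RFC 1918 / private source addresses."""
    return ipaddress.ip_address(ip).is_private


def detect(log_text):
    """Return one Alert per outbound SMTP connection from a non-relay host.

    'high' when the destination is the exfil host from the config,
    'medium' for any other direct-to-SMTP connection from a workstation.
    """
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = parse_line(line)
        if proto != "tcp" or dport not in SUBMISSION_PORTS:
            continue
        if not is_internal(src) or src in MAIL_RELAYS:
            continue
        severity = "high" if dst in EXFIL_HOSTS else "medium"
        alerts.append(Alert(ts, src, dst, dport, severity))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.severity:6} {a.ts} {a.src} -> {a.dst}:{a.dport}")
```

The medium-severity branch matters as much as the exact-host match: AgentTesla builds rotate the SMTP account and provider freely, so a workstation talking directly to any mail submission port is the durable signal, and the config host is only a confirmation.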

Targets

Target: Request Quotation for Industrial Crane.pdf.exe
Size: 1.0MB
MD5: 3117e1fea82124f77a69bb235980a466
SHA1: 6ec1f0dbee329f8b50b28e8db066ed16488dcf8d
SHA256: 08bb478cb1a7ea9b27e688cb320cafd8d91073cb220d3f956b5c135a50d26c86
SHA512: 07b927625a333f03aa034ae23e6fe702d4666cbdcbe1a0f05d42f94ace10141f7ad08cd998533342b6a1989469c6d6394673b92b3e4117131e80fd8ea1279524
SSDEEP: 24576:Au6J33O0c+JY5UZ+XC0kGso6FajkiRFijUMaLFIWY:qu0c++OCvkGs9FajkiRFcUMaFY

- AgentTesla
  Agent Tesla is a .NET remote access tool (RAT) and information stealer (keylogger and credential harvester), originally written in Visual Basic .NET. It exfiltrates over SMTP, FTP, HTTP or Telegram; this sample uses SMTP, as the extracted config shows.
- Agenttesla family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIt Executable
  AutoIt scripts compiled to PE executables: the compiled script is appended to a stock AutoIt interpreter stub, so the PE itself is benign tooling and the payload is the embedded script.
- Suspicious use of SetThreadContext
  SetThreadContext rewrites the register state of another thread; together with a suspended child process it is the step that redirects execution to injected code in process hollowing and similar injection techniques.
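
Two of the static observations above, the double extensions on both the ISO and the dropped EXE (a document-looking extension in front of the real one) and the compiled-AutoIt stub, can be checked without running the sample. The following is an added example, not part of the sandbox report or its tooling: a small triage helper that classifies a filename's decoy/real extension pair, computes the same digests the report lists, and looks for the AU3!EA06 marker that AutoIt v3 writes in front of an embedded compiled script. The sample bytes are constructed (a stub MZ header plus the marker), so their digests are not the report's; the decoy and executable extension lists are assumptions for the example.

```python
"""Static triage for a dropped sample like the one in this report.

Added example, not from the sandbox. SAMPLE_BYTES are constructed and the
extension lists are assumptions; only the filenames come from the report.
"""
import hashlib
import os

# Marker string AutoIt v3 places before the embedded compiled script.
AUTOIT_MARKER = b"AU3!EA06"

# Assumed lists: extensions users read as "a document" vs. what actually runs/mounts.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
CONTAINER_EXTENSIONS = {".iso", ".img", ".vhd", ".zip", ".rar", ".7z"}

# Filenames from the report; bytes are constructed, not the real sample.
SAMPLE_NAME = "Request Quotation for Industrial Crane.pdf.exe"
ISO_NAME = "03032025_0815_02032025_Request Quotation for Industrial Crane.pdf.iso"
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 200 + AUTOIT_MARKER + b"\x00" * 16


def double_extension(filename):
    """Return (decoy, real) when a document-looking extension hides an
    executable or container extension, e.g. 'x.pdf.exe' -> ('.pdf', '.exe');
    otherwise None."""
    base, real = os.path.splitext(filename)
    _, decoy = os.path.splitext(base)
    real, decoy = real.lower(), decoy.lower()
    if decoy in DECOY_EXTENSIONS and real in (EXECUTABLE_EXTENSIONS | CONTAINER_EXTENSIONS):
        return decoy, real
    return None


def hashes(data):
    """Same digest set the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def is_compiled_autoit(data):
    """PE image that carries the AutoIt v3 compiled-script marker."""
    return data[:2] == b"MZ" and AUTOIT_MARKER in data


def triage(filename, data):
    """Collect findings for one file; hashes are always returned so they can
    be matched against a report like this one."""
    findings = []
    de = double_extension(filename)
    if de:
        findings.append(f"double extension: presented as {de[0]}, actually {de[1]}")
    if is_compiled_autoit(data):
        findings.append("compiled AutoIt v3 script embedded in PE")
    return {"hashes": hashes(data), "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_NAME, SAMPLE_BYTES)
    print(result["hashes"]["sha256"])
    for f in result["findings"]:
        print("-", f)
```

The ISO name is worth checking with the same function: the container extension is what lets the lure bypass Mark-of-the-Web on older mount paths, and the ".pdf" in front of it is the only thing the recipient sees in an explorer view that hides known extensions.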