General
Target: 40f10623ef38e94cf15f439d71df9f5301e79713b21817bfac911ab99317c75c
Size: 58KB
Sample: 250423-fezzdsxtfy
MD5: b4f29fecf6c3681efd1b10fd63c04cd4
SHA1: 830bf0b308d0a0dd15f65d9a96a259a78a689f79
SHA256: 40f10623ef38e94cf15f439d71df9f5301e79713b21817bfac911ab99317c75c
SHA512: df5adc01048d32aad859fbefc4db67d7ec8e1efee11bc164ccfcf1cc037b0418fad6363fc8ea4e07e657c7baec50e224e3530ddddb1cd8b5897984a8669d655a
SSDEEP: 1536:Gde9Y8IzaMIrZVmpf7kZ875IWzjQtC4UiLk7LdVCe:ICrZWfgZwKouBkH
Static task
static1
Behavioral task
behavioral1
Sample
Revised PO ACH1002407.exe
Resource
win10v2004-20250410-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.iaa-airferight.com
Port: 587
Username: [email protected]
Password: manlikeyou88
Email To: [email protected]
Targets
Target: Revised PO ACH1002407.com
Size: 118KB
MD5: 04d5d3f48850de6da5144f46eb4974f1
SHA1: 36a8b2c71a6845df99f2413d4d4fa3bcb51cb2a0
SHA256: a97bd6181f3a2b21a3d52c888d84eae5c1c6c2686375b2c15848a77af765de26
SHA512: 04c69b33f30cc92ff28281c1f04c0140e8e09066ee67e906308b1ead0d7ec5bb9811e4b117b6324320ce3f783a3e85f74f67df6df3cc767093a5d7efaca132ba
SSDEEP: 3072:hPYfqYc5hZ7u1uIMtxUcecgUnv7mcd+rG:LTzCcllnv7B
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext