General
-
Target
4f9bdf8dc7e1ebdde387b09fad8292e5462d5f1ce1bbf227eee7ad6d12b9f1ad
-
Size
309KB
-
Sample
250423-gdgl4aysds
-
MD5
7aec1d458eb432d2681a14725a5a15a4
-
SHA1
f1b82a8ea078f37259461808bc71e33fe67f0a2d
-
SHA256
4f9bdf8dc7e1ebdde387b09fad8292e5462d5f1ce1bbf227eee7ad6d12b9f1ad
-
SHA512
495d40a171d894ff8937785fe8613fd3b85f153d856d6db06bd69cddeb3b15c160c9b785057cc435c4fdd2a0a47bf43a1caf3cfe527c2d53e151bf588635e66d
-
SSDEEP
6144:SYhIz2dh0kBgfNOcFv62oY1kQmpwbGO7rQsQ/rUHaXZpbyqzfQjWzLM8fROXvH8:SYRhX8OESU14mGX/Eupb7fDzofH8
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
162.254.34.31 - Port:
587 - Username:
[email protected] - Password:
26ivK6IyAzFg - Email To:
[email protected]
Targets
-
-
Target
DOC-SCAN 20250422pdf.vbe
-
Size
1.4MB
-
MD5
e74e9c45b6174df5b9fce15b790ad64f
-
SHA1
1b785dbbb0827ae8583269c3268e1fa4b66c4107
-
SHA256
8ca7465b2cebc546b19374162071bd15dd523bf7c47822679af3f32bf7b19125
-
SHA512
2ffcd4b22ba4a692557ea7f74c96d5eeb831818bdb18b071e70af1d6d4910c3478c2b2e1206253a174a860f4a5302cd002fac4dc52247ca97a8a3dbe978faa07
-
SSDEEP
24576:802hUXc2IkQqu9ytsCv+ofYoXtztBzBYbZjD8Yhg+r4FzIjlHOkPEHF30+Wgb8:zh1YLki
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-