General
-
Target
b661bcf6f1e2bcf8ac459ce1269c961d0286c9c8375d5f3cdaf3b07d3a757867
-
Size
393KB
-
Sample
220521-pgc23saean
-
MD5
4c390116baca742b5386440f29aa3d44
-
SHA1
7ed022b5a69a0ad6681f7d06d88737d8d9dab6b7
-
SHA256
b661bcf6f1e2bcf8ac459ce1269c961d0286c9c8375d5f3cdaf3b07d3a757867
-
SHA512
4a889801a92227d26716675ab728acc8e4a9cdc1cd2d64b7506bcce6872ca47681f0e3e89f0018428db13b23bdb5dd1b0a099dcb0645cec5d5202f91c9453b9d
Malware Config
Extracted
Protocol: smtp- Host:
mail.elhabashy.com - Port:
587 - Username:
saied@elhabashy.com - Password:
saiedhabashy
Targets
-
-
Target
47itgh5QYKRc4tB.exe
-
Size
424KB
-
MD5
ab9cdef1128b833cceec46b35d2813fb
-
SHA1
64ee36e66f7fd8f4d3eee249b6be727962f04764
-
SHA256
0f1db1746c01fd5a8af61659123617e4eada6f472e99327098ed0e03fa979f2e
-
SHA512
73f466fefbb39f314a7b45f3b8e221dd1e44e798ffcc878ebc1ded962b452e0eb8734a5977618bf91da1951d16ffb27fbae315077d5f48c40692f5162127a1cd
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-