General
-
Target
EWHXClLVWa0H34Y.exe
-
Size
1.1MB
-
Sample
220908-gsljladgg9
-
MD5
d4ee556c937f4e2a322a5cd663e336c3
-
SHA1
7477dd9fe1f5afdfbf738657596a6ea9386656c9
-
SHA256
5cbfd2eba44cb556832215f980dd0401f63b009fa4b1c5bf2acb6c3c7c617960
-
SHA512
47eb800ca44e5daf895daa58fad4aa3c9edd4867ea7d649ffe63dafffcabbaa3e2f98bb437854f6627fcfe7ce68eb26e4ad2ef7c494f9575d98e17eace8f8ce7
-
SSDEEP
12288:JkNjm9x1iVDbvOOh5WEddzq8N4ldMteiLooQMpoXpGJrdI93YnM3mmiC1:Jkxm94DaoMMzqdQeURamW93YMx
Malware Config
Extracted
Protocol: smtp- Host:
mail.bohotels.hu - Port:
587 - Username:
[email protected] - Password:
v4Jdahdirect
Extracted
agenttesla
Protocol: smtp- Host:
mail.bohotels.hu - Port:
587 - Username:
[email protected] - Password:
v4Jdahdirect - Email To:
[email protected]
Targets
-
-
Target
EWHXClLVWa0H34Y.exe
-
Size
1.1MB
-
MD5
d4ee556c937f4e2a322a5cd663e336c3
-
SHA1
7477dd9fe1f5afdfbf738657596a6ea9386656c9
-
SHA256
5cbfd2eba44cb556832215f980dd0401f63b009fa4b1c5bf2acb6c3c7c617960
-
SHA512
47eb800ca44e5daf895daa58fad4aa3c9edd4867ea7d649ffe63dafffcabbaa3e2f98bb437854f6627fcfe7ce68eb26e4ad2ef7c494f9575d98e17eace8f8ce7
-
SSDEEP
12288:JkNjm9x1iVDbvOOh5WEddzq8N4ldMteiLooQMpoXpGJrdI93YnM3mmiC1:Jkxm94DaoMMzqdQeURamW93YMx
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-