General
Target: 8031336119.zip
Size: 6KB
Sample: 220921-r9x9tsgee4
MD5: aaa9c629b1c73e539c1d8dc97cac6175
SHA1: 6702bd76f35e36fb8d30584feea90157fa77ca05
SHA256: 1d959cf6e366a2217cfef71d9df9e9835c2b1bd7e21b73f345ca621fb05e289e
SHA512: 537d78c8bf759b5b3d41dbc09944fce2324c62ecfd27f5b7ae8d3ac7fab90b2fe8625685b0a54c441fc604042a32daa5b5f2a27013d38e8b77bbebdba1b1c12b
SSDEEP: 192:nsJNSQh/bcHCJXvxUIzx512WTQcBYsJ2z0ak3Cao3f:nKM+BJXvPV2/cB/cVkyxf
Static task: static1

Behavioral task: behavioral1
Sample: ea8df8dbe183507d1a924a7af3ed3e394f61830745074659744cbf6e60724891.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: ea8df8dbe183507d1a924a7af3ed3e394f61830745074659744cbf6e60724891.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted (agenttesla)
Protocol: ftp
Host: %2B
Port: 21
Username: application/x-www-form-urlencoded
Password: image/jpg
p=

Extracted
Protocol: smtp
Host: mail.nisusenergy.com
Port: 587
Username: [email protected]
Password: Nisus@64787
Targets
Target: ea8df8dbe183507d1a924a7af3ed3e394f61830745074659744cbf6e60724891
Size: 21KB
MD5: 35cc4765d727bf4b90d8995fa2fc76a1
SHA1: a11d84bf91ec714ff173a3696efe6313d444e0fc
SHA256: ea8df8dbe183507d1a924a7af3ed3e394f61830745074659744cbf6e60724891
SHA512: c422afdb3f3651cddef4d34c5895ff272b5e75041ad5b102790accd25703a41a1f77958ccf53d9baaa2d9e623435e934d4bff095696a41b3e50847cadc628a0f
SSDEEP: 384:lLaqknFcv/8hQdCreXXR9hkNkCcw9Uh+ET:5nkFnE9AkbE+
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Adds Run key to start application