General
-
Target
17525D4BF2E8893CAD5C464BFCBB830FBCDE3D60ED8F8BF47309098C35369449
-
Size
589KB
-
Sample
221123-r2jfpsab59
-
MD5
0abcfe7e01524afcdfd0f5b0c81e9d02
-
SHA1
a47e4ed98d629221a4082cb6df328be71e0cd129
-
SHA256
17525d4bf2e8893cad5c464bfcbb830fbcde3d60ed8f8bf47309098c35369449
-
SHA512
7970a5c51b0570cdf135438537503bfa7cd5596ebbfdf06f6c075ce3c72fdc48a7e950ae47eb13c1febd3020e3e9930e3c1576dc7b5671e9925e40f497fdcff2
-
SSDEEP
12288:6yyzB2uvKmj5wX5HmBpRogum5ony3rtFqPAr/KijGUeufX2ceJN03d:6yicmjQ5mX8m5f7WiSijJfX2Rod
Malware Config
Extracted
Protocol: smtp- Host:
smtp.chinarcnd.com - Port:
587 - Username:
[email protected] - Password:
mNQrnR%3
Extracted
agenttesla
Protocol: smtp- Host:
smtp.chinarcnd.com - Port:
587 - Username:
[email protected] - Password:
mNQrnR%3
Targets
-
-
Target
wkyNtXxap90oV4W.exe
-
Size
764KB
-
MD5
01eeed3a6bdd89e7233f5e21160f61b0
-
SHA1
5ce20b87e6354485097d84cd582087382570a49a
-
SHA256
8c07e434c1f100e1ea59eb7a8c319924cb5ef716da283d04b1973cea72c0f653
-
SHA512
9498a321375d0c3ee65cda22cc195c0b2c5d19d778bb5262b21e7a7a20a24faf5b53d3d5350421fe318de73d2f638846a0ab880be06bb266c86793fbf0f7986d
-
SSDEEP
12288:LmsOL/GXh8L74mBfNUstzoj2uvKmhTwXDHmtpzuEUk5w3AjrtPqjA3/WirBnM337:LF+L74mBfNUstzojcmh+DoxSk5Zv8kOB
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-