General
-
Target
C55EEA0AC1966D19CF5D94299B3D01F272F8C42778327AE8873593BDE04D2C12
-
Size
568KB
-
Sample
221123-r2r3vadb4t
-
MD5
1142528db6d73c8db7074c17c780bd97
-
SHA1
c74b71a0445e54cb70ac033546f64c3c5583e591
-
SHA256
c55eea0ac1966d19cf5d94299b3d01f272f8c42778327ae8873593bde04d2c12
-
SHA512
cb03a70611c939ef2620fd4e70865988f2cd5a146256108c962ed01e1e02daa94ee03b92644ab6665c370ab44a2f888d7a2d8bc4289ce7e7ef01693978e8f397
-
SSDEEP
12288:KT1yrQ6YFm1xap+8z+QmKiuga0+DmPgtkbGAsCk+M:UK6QrapXeNu1nAgtkaIM
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.donemilio.com.ar - Port:
587 - Username:
[email protected] - Password:
nadiaexterna123 - Email To:
[email protected]
Targets
-
-
Target
ACUERDO DE PAGOS 304995289002_xls_doc.exe
-
Size
796KB
-
MD5
8609ecbf81a39202d3e4b07be6560c39
-
SHA1
c620ee3c92be4a7452ee3e72ba15996b24445ecb
-
SHA256
19274285e64ef86026c3eafd860f658d9115962c94422ccac823916797c97fe9
-
SHA512
0fe4ed4a677639af8bfce5832036619b48fc89f737496a9441f4e23714f99c1ce69aa165bd5f24525c183d4b6c4af6f90c23855a61ccba3ed47e21c97b016418
-
SSDEEP
12288:B3eP8m1dyCtEWQY8eqM/dMllC25T1DCwzhCp+Rs+vA+zcs3tiOshby7l/Bs:+1QY8IGlC2Z1DCC0hOsk/Bs
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-