General
-
Target
abeaf70ae9416a9610ed56d051cf4817a485db252910abd2db64b56a7bbd2034
-
Size
430KB
-
Sample
221124-en4s9sbc71
-
MD5
3b1ad9f69237f844e4ab4a02d66c1a70
-
SHA1
ee86840aa961e29dbffdd8e290e9ee636e3b265e
-
SHA256
abeaf70ae9416a9610ed56d051cf4817a485db252910abd2db64b56a7bbd2034
-
SHA512
92b7686c1cb5b9e82a91eb3d97c7445e14b9a96b579a5360fd625d5175ea162f1f350cc1cad59d97daac585007e21f0c980e798447b61ae15a860e30f5a70047
-
SSDEEP
12288:zfueJUGQLc6Q3On7qgvB7+8Ya4UQjwvl0:zfUXY6iOV68B4UQjw2
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
ike2020.xyz - Port:
587 - Username:
[email protected] - Password:
Dollar$45
Targets
-
-
Target
REJECTED PAYMENT IDC202001281QA REF DCF TRANSFER.com
-
Size
542KB
-
MD5
dcce4c8884172f022bcea5b6f1639516
-
SHA1
4f0048052d4cb47b7fca298a0a832717e0f4ab7f
-
SHA256
85eaaf9f22a87fe91d08a6727276564a478e1e34579b21a0a9edf602a58b5094
-
SHA512
1922f14fac82ce3e744f2c6b5c4daccf1ff6ca05f0aab626751e99a8e895d064315290387d77ae36675ba8c5ffa9201aa6ae6c368409dd4e3823ed607a38f5f9
-
SSDEEP
12288:TcBKBLqCe/URiLcI03cuXgaIBT9AaGa6QpF4uvs:4KBuCsYImcn5A5a6QP1vs
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-