General
-
Target
eb29f1c17184805a7c3fde72c439efb595f16e5007032ff341d6f40f68bf4e1d
-
Size
309KB
-
Sample
221125-kz6pwsae4w
-
MD5
f5c94c543b42b4fbe6f93aa1c29c080b
-
SHA1
eb04fc11dba79fe33a127f0abcc65312e6b6dcf7
-
SHA256
eb29f1c17184805a7c3fde72c439efb595f16e5007032ff341d6f40f68bf4e1d
-
SHA512
c05e3356ec1b39818b9021046e60f60dfaca13923b25f5ffb85cdbdf702c5c3b8a61535139baba815f6f224b1786566ec792c04c88d45838f08c162490f190b7
-
SSDEEP
6144:lyMSDMpra6fQ+ulM7h9l5IP/WUVbJV89zVMvggdWIJI:gup11ui3lXr9evjz
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
gibson.1990
Targets
-
-
Target
eb29f1c17184805a7c3fde72c439efb595f16e5007032ff341d6f40f68bf4e1d
-
Size
309KB
-
MD5
f5c94c543b42b4fbe6f93aa1c29c080b
-
SHA1
eb04fc11dba79fe33a127f0abcc65312e6b6dcf7
-
SHA256
eb29f1c17184805a7c3fde72c439efb595f16e5007032ff341d6f40f68bf4e1d
-
SHA512
c05e3356ec1b39818b9021046e60f60dfaca13923b25f5ffb85cdbdf702c5c3b8a61535139baba815f6f224b1786566ec792c04c88d45838f08c162490f190b7
-
SSDEEP
6144:lyMSDMpra6fQ+ulM7h9l5IP/WUVbJV89zVMvggdWIJI:gup11ui3lXr9evjz
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-