General
-
Target
tmp
-
Size
1.1MB
-
Sample
221126-glpbxaag5w
-
MD5
b0ef54f0ca656bacd2de2733b7d7a21a
-
SHA1
365b7c6d587a2e91e1691a39b8f6435f9660c518
-
SHA256
93cea202135217f8dc49a69a4b44e4cb0091d28530593d0755ab1f0250fc9326
-
SHA512
29f60e8408fdac215a7b9b42c76ade67a0b29fd630a4a99245b1e752358f921c7430c12dfbf7b186754162e9cb77b0e1bd954a6c0a102a0edee9aa496f70557b
-
SSDEEP
12288:xDXa9GBBRodOZrGAa9lRH8+i1EGbGMIN/xKXwlZsiE1nBKSH3cejibHqEsZ1DX/3:FMGDqdOZrGj9cnIHF7bvCxOHr
Malware Config
Extracted
Protocol: smtp- Host:
smtp.alrnufeed.com - Port:
587 - Username:
[email protected] - Password:
Omp(XkJEF9
Extracted
agenttesla
Protocol: smtp- Host:
smtp.alrnufeed.com - Port:
587 - Username:
[email protected] - Password:
Omp(XkJEF9
Targets
-
-
Target
tmp
-
Size
1.1MB
-
MD5
b0ef54f0ca656bacd2de2733b7d7a21a
-
SHA1
365b7c6d587a2e91e1691a39b8f6435f9660c518
-
SHA256
93cea202135217f8dc49a69a4b44e4cb0091d28530593d0755ab1f0250fc9326
-
SHA512
29f60e8408fdac215a7b9b42c76ade67a0b29fd630a4a99245b1e752358f921c7430c12dfbf7b186754162e9cb77b0e1bd954a6c0a102a0edee9aa496f70557b
-
SSDEEP
12288:xDXa9GBBRodOZrGAa9lRH8+i1EGbGMIN/xKXwlZsiE1nBKSH3cejibHqEsZ1DX/3:FMGDqdOZrGj9cnIHF7bvCxOHr
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-