General
-
Target
acbf2b2b7a84e5d95808b2dae14e3668309c548bfabe7b01c1ea7a6baacd9eeb
-
Size
417KB
-
Sample
221128-kwjqysfe2x
-
MD5
e137f2deb74a16a25a82475adc363dc0
-
SHA1
d86972c462941a7181eb79071f22a921f6333cc5
-
SHA256
acbf2b2b7a84e5d95808b2dae14e3668309c548bfabe7b01c1ea7a6baacd9eeb
-
SHA512
6cef8d6814ee886c2ab117b69b6bd7aa495382c7f6ca283811987aaffa827f0ff0da8d38541845b3b4f9dcc756cbda8830e47d883ecde6ba7d34757d70e04cde
-
SSDEEP
6144:Q61a5zM7FUJWHYdj75/c8s7ZMNM/GOASSAKG5x6trlICIkRPf1oFeDsUH:appJ5dxk8kCSFASRL5x6llekR31o
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.perfectgenerators.com - Port:
587 - Username:
dispatch.lko@perfectgenerators.com - Password:
Dispatch@78
Targets
-
-
Target
acbf2b2b7a84e5d95808b2dae14e3668309c548bfabe7b01c1ea7a6baacd9eeb
-
Size
417KB
-
MD5
e137f2deb74a16a25a82475adc363dc0
-
SHA1
d86972c462941a7181eb79071f22a921f6333cc5
-
SHA256
acbf2b2b7a84e5d95808b2dae14e3668309c548bfabe7b01c1ea7a6baacd9eeb
-
SHA512
6cef8d6814ee886c2ab117b69b6bd7aa495382c7f6ca283811987aaffa827f0ff0da8d38541845b3b4f9dcc756cbda8830e47d883ecde6ba7d34757d70e04cde
-
SSDEEP
6144:Q61a5zM7FUJWHYdj75/c8s7ZMNM/GOASSAKG5x6trlICIkRPf1oFeDsUH:appJ5dxk8kCSFASRL5x6llekR31o
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-