General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.543.5711.exe
-
Size
687KB
-
Sample
221128-ljrfpsda53
-
MD5
f1020345f5fa6e88c879f38d37345c6c
-
SHA1
f1e21bec1dda785e0ab91b7accc6c53d5725ee03
-
SHA256
e3f743fb706abf616add3cf15faa3ebcb36b14c400952afd37485176e71eaa32
-
SHA512
60494009008023fb2d82d375b52a5443b5efea3b7ba11dec313a2ecb93c582e8c4c1cc5bcbfd9564a054d40938034e94244700c354fab0ff5acfb464b27d9e00
-
SSDEEP
12288:w6cWpbKbfi7es4UKy0BOKAaJOTf5orAh9AUmbnXcRbVIURe+:w5EbK8e8KHsKAauWrAhezbnM/9
Malware Config
Extracted
Protocol: smtp- Host:
mail.dana-world.com - Port:
587 - Username:
siva@dana-world.com - Password:
communication$dongle&1132
Extracted
agenttesla
Protocol: smtp- Host:
mail.dana-world.com - Port:
587 - Username:
siva@dana-world.com - Password:
communication$dongle&1132
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.543.5711.exe
-
Size
687KB
-
MD5
f1020345f5fa6e88c879f38d37345c6c
-
SHA1
f1e21bec1dda785e0ab91b7accc6c53d5725ee03
-
SHA256
e3f743fb706abf616add3cf15faa3ebcb36b14c400952afd37485176e71eaa32
-
SHA512
60494009008023fb2d82d375b52a5443b5efea3b7ba11dec313a2ecb93c582e8c4c1cc5bcbfd9564a054d40938034e94244700c354fab0ff5acfb464b27d9e00
-
SSDEEP
12288:w6cWpbKbfi7es4UKy0BOKAaJOTf5orAh9AUmbnXcRbVIURe+:w5EbK8e8KHsKAauWrAhezbnM/9
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-