General
-
Target
SecuriteInfo.com.Win32.CrypterX-gen.414.24926.exe
-
Size
1.1MB
-
Sample
221129-kfvtaace37
-
MD5
f6f09d960b3a4bf99fafe00b8c08ea9a
-
SHA1
1f7b6c15fc8857090ca7853fefe357f646d24f50
-
SHA256
bc07910ce2ed3c7b871b6b587285211c2877c99f0a49be49fdf71b4419ada13f
-
SHA512
de74324031816e51d3f68dfdffdb02184fe91b6306dfae3a41e34aea7a82757eaae2fa976f72e91ad6dc2a095cb53ccfe018ce3143b6ee92629bb1bf34b5a274
-
SSDEEP
12288:C5LqU+Q4xlepn0BReaMRT3hR5IBM/EWheud4/Gm8+AzPvguGgpdDdzoa1cfNZ9:uO6neReaov5I2/HhFd4emKPIw/DdEPf
Malware Config
Extracted
Protocol: smtp- Host:
mail.dana-world.com - Port:
587 - Username:
siva@dana-world.com - Password:
communication$dongle&1132
Extracted
agenttesla
Protocol: smtp- Host:
mail.dana-world.com - Port:
587 - Username:
siva@dana-world.com - Password:
communication$dongle&1132
Targets
-
-
Target
SecuriteInfo.com.Win32.CrypterX-gen.414.24926.exe
-
Size
1.1MB
-
MD5
f6f09d960b3a4bf99fafe00b8c08ea9a
-
SHA1
1f7b6c15fc8857090ca7853fefe357f646d24f50
-
SHA256
bc07910ce2ed3c7b871b6b587285211c2877c99f0a49be49fdf71b4419ada13f
-
SHA512
de74324031816e51d3f68dfdffdb02184fe91b6306dfae3a41e34aea7a82757eaae2fa976f72e91ad6dc2a095cb53ccfe018ce3143b6ee92629bb1bf34b5a274
-
SSDEEP
12288:C5LqU+Q4xlepn0BReaMRT3hR5IBM/EWheud4/Gm8+AzPvguGgpdDdzoa1cfNZ9:uO6neReaov5I2/HhFd4emKPIw/DdEPf
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-