General
-
Target
af987f8a78da6b7e8c5ff110ac6d45a2e5b568053fed3372e3d6110d4ff6b31c
-
Size
1.4MB
-
Sample
221204-k9rzgsae8s
-
MD5
19c7683c6d30e42359202a8b1cf180a2
-
SHA1
48b7177fda378b89c0d644b5cc8870762917cc27
-
SHA256
af987f8a78da6b7e8c5ff110ac6d45a2e5b568053fed3372e3d6110d4ff6b31c
-
SHA512
1ebad3c1b520cc52c026945d16eb70c760da5f0324da28d76f00b091f90871963a636022a78db6c8234cc2bdc8fdd00bc8b96efc59b12ac47095abd97cdceb5e
-
SSDEEP
12288:7+1g3Nn9YL+cSYromBgfGxI7Zq5FsPsk73o/zgLQ/e9xLyGBnuT:7+1gwoxSFskK3o/MU/qnu
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
admin@cutecat.icu - Password:
loveline123
Targets
-
-
Target
af987f8a78da6b7e8c5ff110ac6d45a2e5b568053fed3372e3d6110d4ff6b31c
-
Size
1.4MB
-
MD5
19c7683c6d30e42359202a8b1cf180a2
-
SHA1
48b7177fda378b89c0d644b5cc8870762917cc27
-
SHA256
af987f8a78da6b7e8c5ff110ac6d45a2e5b568053fed3372e3d6110d4ff6b31c
-
SHA512
1ebad3c1b520cc52c026945d16eb70c760da5f0324da28d76f00b091f90871963a636022a78db6c8234cc2bdc8fdd00bc8b96efc59b12ac47095abd97cdceb5e
-
SSDEEP
12288:7+1g3Nn9YL+cSYromBgfGxI7Zq5FsPsk73o/zgLQ/e9xLyGBnuT:7+1gwoxSFskK3o/MU/qnu
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-