General
-
Target
7c84afbd1d85d46654f72829812a1f2eb3cee52899e39d7bc54be3a4c8fe45d8
-
Size
590KB
-
Sample
221206-yfyrtsge36
-
MD5
74f7c4169db35d0ccbd44849331e7448
-
SHA1
8795d1f2f534bfc59135680efaae5ca1efaa69ad
-
SHA256
283fe3b0f3696b5029f6551716687b6193644bcf435b3675fcc2e0e600672e3b
-
SHA512
909794150605d1fe80498c2b221a39e9fd493973e13e970ac578cfa247cf6ba9f0c95abb1e0e402a433eeb3dbd5d23abda7ffb346efe744ea8d363ec7a44d446
-
SSDEEP
12288:2FGaDO/JAvTQz5damfYZdX/VxFNKMiql2M1InyPlyAXC3HADRI7:0Bq+c5dBfkN/VlDs6l0HAD+
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
hnxqezadblabdsss
Targets
-
-
Target
7c84afbd1d85d46654f72829812a1f2eb3cee52899e39d7bc54be3a4c8fe45d8
-
Size
839KB
-
MD5
4a67c4d108b728eba8ce589844dc6fde
-
SHA1
b73b519e39ec1170ce7a7463e45da3966c7f5b90
-
SHA256
7c84afbd1d85d46654f72829812a1f2eb3cee52899e39d7bc54be3a4c8fe45d8
-
SHA512
b45c804176d611b8f4fc1ba8fdd98442a42780ed276aa93c4c6a0ed54bec03e6f3060fbc18a75cfa1ea2be6ed27aafb7afbf56ea6a718b7f19418c9dc2e41a95
-
SSDEEP
12288:+cKjmaOffpam/YtdX/VvFXQMiql8M1IJyP5yAXe3HmDtgKZ/nXt7virmWhlGLaQ1:Vg+pB/iN/V3DqSlYHmD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-