General
-
Target
34f098cea1c9091d52f961989d8953f26c29ed3601cfde1b2c262c1c760ccdeb.exe
-
Size
941KB
-
Sample
221208-p2yjhsaa65
-
MD5
2466ef10dba43064ff43bb3561a334f3
-
SHA1
eed7e44801dd572cf9dcebfbdef45917d9011c13
-
SHA256
34f098cea1c9091d52f961989d8953f26c29ed3601cfde1b2c262c1c760ccdeb
-
SHA512
94cd941d9d98f302cbe2d2483e1961ba3c5960c6e554f8c825a225ac30d4cbf8ef40b92f5cf28078974a2da80f166154e1f937d8eaa5cd80e2726548983077ac
-
SSDEEP
12288:MEgh/PsZ1DX/VDJsW0xHqKZ8re/Jm/mjDzxACZEtUEUx31XQKclqzAaPVBP7r9ry:MEgh/PTW0xHq08re8O7KCF1Qj2Pz1q
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.palumalimited.com - Port:
587 - Username:
novlove@palumalimited.com - Password:
85h!UAfvL2AE - Email To:
mullarred@gmail.com
Targets
-
-
Target
34f098cea1c9091d52f961989d8953f26c29ed3601cfde1b2c262c1c760ccdeb.exe
-
Size
941KB
-
MD5
2466ef10dba43064ff43bb3561a334f3
-
SHA1
eed7e44801dd572cf9dcebfbdef45917d9011c13
-
SHA256
34f098cea1c9091d52f961989d8953f26c29ed3601cfde1b2c262c1c760ccdeb
-
SHA512
94cd941d9d98f302cbe2d2483e1961ba3c5960c6e554f8c825a225ac30d4cbf8ef40b92f5cf28078974a2da80f166154e1f937d8eaa5cd80e2726548983077ac
-
SSDEEP
12288:MEgh/PsZ1DX/VDJsW0xHqKZ8re/Jm/mjDzxACZEtUEUx31XQKclqzAaPVBP7r9ry:MEgh/PTW0xHq08re8O7KCF1Qj2Pz1q
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-