General
-
Target
a36c5d34f9b0de2069fb875c2b681145352c03a81a387d610301d98143a7fbee.exe
-
Size
870KB
-
Sample
221208-qtc4aaab63
-
MD5
d45152a4b8d2922dfa7dfda2c70cff1a
-
SHA1
9a562efcf54e0e912ead4610de76a065d732eeab
-
SHA256
a36c5d34f9b0de2069fb875c2b681145352c03a81a387d610301d98143a7fbee
-
SHA512
cab1db090f4ed315657af2a3ba69671b50bf04b67d547d2c40c0d89f6fafdb23d73ccfb25840c6ac43628c3378b236c2d212ac9d7d181229e9d21fb929f00b5e
-
SSDEEP
12288:ucNUejKUYkD75gIFOxz0Z4e0vCCGHO8oswKp3WtjmahgKZ/nXt7virmWhlGLaQYI:FNlrYk2IFCz/FCO8rwY32
Malware Config
Extracted
Protocol: smtp- Host:
host39.registrar-servers.com - Port:
587 - Username:
Emenike@potashin.us - Password:
})cZs aj5Xr; C
Extracted
agenttesla
Protocol: smtp- Host:
host39.registrar-servers.com - Port:
587 - Username:
Emenike@potashin.us - Password:
})cZs aj5Xr; C
Targets
-
-
Target
a36c5d34f9b0de2069fb875c2b681145352c03a81a387d610301d98143a7fbee.exe
-
Size
870KB
-
MD5
d45152a4b8d2922dfa7dfda2c70cff1a
-
SHA1
9a562efcf54e0e912ead4610de76a065d732eeab
-
SHA256
a36c5d34f9b0de2069fb875c2b681145352c03a81a387d610301d98143a7fbee
-
SHA512
cab1db090f4ed315657af2a3ba69671b50bf04b67d547d2c40c0d89f6fafdb23d73ccfb25840c6ac43628c3378b236c2d212ac9d7d181229e9d21fb929f00b5e
-
SSDEEP
12288:ucNUejKUYkD75gIFOxz0Z4e0vCCGHO8oswKp3WtjmahgKZ/nXt7virmWhlGLaQYI:FNlrYk2IFCz/FCO8rwY32
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-