General
-
Target
86968AA0B30C7BADC9D30CCE15EB1EA8C036CB4A63BB750938F3EC1178D9D11B
-
Size
1.4MB
-
Sample
221208-yfrcraeb7t
-
MD5
353d5fd482d72f490430bcbf05fd0497
-
SHA1
b962b43e792913d290df1cca0af7b41f36b8d1cd
-
SHA256
86968aa0b30c7badc9d30cce15eb1ea8c036cb4a63bb750938f3ec1178d9d11b
-
SHA512
0b6005b097669c46cf72703eac0e467f5e95b11b05d358e2bbaea6309b60c4318eef2b93a7663590e6fc4fbcf793b463f0a162336617307d9f306f6d50bb8b23
-
SSDEEP
24576:Y8tHxIYioObO8udysBe7w7En1gSp4Tn9j:Y8tHxIYioAO8cysBe7w7EnOSCj
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.mad-max.pila.pl - Port:
587 - Username:
[email protected] - Password:
JCbDYyer - Email To:
[email protected]
Targets
-
-
Target
INV_9257.EXE
-
Size
908KB
-
MD5
822cbbe5cf85df754bf93817407c0fe5
-
SHA1
8df5f1d947c47e80fa82136a49be3371b0213b3a
-
SHA256
e83343e553c570230db6b0913a71a19c4d32356a3efccf716c5412595d2b81fc
-
SHA512
3c1548498c499aca0ed379a2f558fd80220257c0eb993a54b7ef47e9d2944bbd2a9326c0e45ce34abb32c720311ea3765940983063048447d182bc60505fc854
-
SSDEEP
24576:08tHxIYioObO8udysBe7w7En1gSp4Tn9j:08tHxIYioAO8cysBe7w7EnOSCj
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-