General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.27355.1729.exe
-
Size
1.0MB
-
Sample
221209-sxglzsdd96
-
MD5
8c1b26e226c0ba73944b9873b90d5ad1
-
SHA1
270987d7cffa982d8d923b90be0dd66564ed44e1
-
SHA256
52cd12c7f9d27ec4681d73b757722e77b563b443044cee53034cd906f4f54af5
-
SHA512
9c672e56e5ea9cbcea849ef6be9daac91ef3b1fe6595daa5aad638edb7916202f11096e705a1300f7c98df8d76d3dc43112d90ed91524584e12e3d072eb486c4
-
SSDEEP
24576:2df77nI/hci/SkTYRbyXF0J3C0kTw7M1b3IypFE:X/1/Sk8RbJ3kw7Ab3Ih
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cnseguros.hn - Port:
587 - Username:
[email protected] - Password:
Rebecca2007
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.27355.1729.exe
-
Size
1.0MB
-
MD5
8c1b26e226c0ba73944b9873b90d5ad1
-
SHA1
270987d7cffa982d8d923b90be0dd66564ed44e1
-
SHA256
52cd12c7f9d27ec4681d73b757722e77b563b443044cee53034cd906f4f54af5
-
SHA512
9c672e56e5ea9cbcea849ef6be9daac91ef3b1fe6595daa5aad638edb7916202f11096e705a1300f7c98df8d76d3dc43112d90ed91524584e12e3d072eb486c4
-
SSDEEP
24576:2df77nI/hci/SkTYRbyXF0J3C0kTw7M1b3IypFE:X/1/Sk8RbJ3kw7Ab3Ih
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-