General
- Target: 62,842.51 USD and 31,101.87 EUR.rar
- Size: 494KB
- Sample: 230214-m8246sch38
- MD5: 809b9865763e2eaca305dde6e8da977d
- SHA1: 77b4d0e3667d5dadb01d681147eaf21120112bfe
- SHA256: 42506f07f9a1dae12669d6efdc948d3e981be578316d3839554d252bbb741b2a
- SHA512: ae9c975395ccbe697e987e322014b686cf8675e5cb351fe00b2a76999575d8f017eb89c6de3a9d25ff0f64c05d0367d26a7da74d197a271aad2fca4f02f64b6e
- SSDEEP: 12288:K1JRmOUr+OspPdunmx46t3JwSao1TcXYksjlYNYq3Fl:UJRG+OESmNaITcXuiNPl
Static task: static1
Behavioral task: behavioral1
- Sample: 62,842.51 USD and 31,101.87 EUR.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 62,842.51 USD and 31,101.87 EUR.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.hrtstoolinq.com
- Port: 587
- Username: [email protected]
- Password: D%LKvzL4
- Email To: [email protected]
Targets
- Target: 62,842.51 USD and 31,101.87 EUR.exe
- Size: 621KB
- MD5: 99f142a65dd803dd704c905791acf872
- SHA1: 083d7f5c6541de8cf7de76d5200a363c11a03536
- SHA256: 3f62671f8ab8df6e9357899dbcde6858148e313ad4f8553efe2c1919722a9a79
- SHA512: 18178cb5cd07ca29c12bee3cb14d2e85047393db1a802f56c417dc585b3b56df640352b875496cf7b5f57e2aaf50a5945c9e68fdda743feec521b992a50e205f
- SSDEEP: 12288:V5ecesFP3+NTVXqM+n1xiqwqij42mF5n9:ucesFP+/jQxVijzIZ
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext