General
-
Target
ed018242-a273-4ac4-8046-6408d45645ca.rar
-
Size
88KB
-
Sample
230216-yparcsbe78
-
MD5
7969cc1f37b1217bb2d5f6e6c49b86fb
-
SHA1
84595a676f75e3d84730430e05632a01df1ad537
-
SHA256
fce2ab27f432daf0adf31a99dff870bb9e6d5145dedcc6ccd1608634bd399420
-
SHA512
9a70a4bb4a85ef0cb91de7471715da8362955cf781b9d35047fad7047e77de7b49fc69afc7b90c6c69bf175213b9ed51413cf1966e30e64d123dc3c0dc84e680
-
SSDEEP
1536:30Q3xgAxICApQpRCPIoYStg6qSxzyXahY1VXAQwvyRGHQCmDLjGAFkAgeVP0lp8:RV2WpYbYSy6gahEMyRWIbFkZeVJ
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.linksportsinc.com - Port:
587 - Username:
[email protected] - Password:
Camil2017@@ - Email To:
[email protected]
Targets
-
-
Target
ed018242-a273-4ac4-8046-6408d45645ca.exe
-
Size
218KB
-
MD5
0cfc80c17fe676f25cd363293b1a246e
-
SHA1
c5862e4aeb86663b9125fa26ca6ed8e8319ba6eb
-
SHA256
77cda955ed9aab83a4eb2c053552d0fc8e1b39ec4c5fd5c7512d49e887f73282
-
SHA512
99ed39f34c723198e91c1d328fe021ca9aca208500d1e1c613399831386bf7bcccfcdb2a39e7a419169c334eb61e97a861b8e9a37386f19add7c08e5315d2b5c
-
SSDEEP
6144:wb0j+teYDQh/CiUWDD2oGbEWy0kwQEglug:Lj+pDQpC0myzwQkg
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-