General
-
Target
ohoyeczx.exe
-
Size
794KB
-
Sample
230327-pzmdgafe6v
-
MD5
6a528cfff5999cf090f5794fc86cadcf
-
SHA1
d8dd1639f879dd0c6af6bb308d4558e42c0979f2
-
SHA256
6a0087305c0345b6a7323d488f9d9e57d0ee4972ebb132b89f1192994b8c78fa
-
SHA512
1e2e4a8099f81d06bbbf772263fef78b652d9d788d957fff8700d9ec7294cced964962411114333ecc0365f30b9ed5b02bd21e43a214d10bcc03c9f44732fa9d
-
SSDEEP
12288:pA5iB0Opa8o7k0yMpuNzrq5hhcSqVRYIwHott85c3t4JhZ:pA567DdMgNzrijewxHinID
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
omananilampard1@yandex.com - Password:
qbkcioyfoxstxqax - Email To:
omananilampard1@yandex.com
Targets
-
-
Target
ohoyeczx.exe
-
Size
794KB
-
MD5
6a528cfff5999cf090f5794fc86cadcf
-
SHA1
d8dd1639f879dd0c6af6bb308d4558e42c0979f2
-
SHA256
6a0087305c0345b6a7323d488f9d9e57d0ee4972ebb132b89f1192994b8c78fa
-
SHA512
1e2e4a8099f81d06bbbf772263fef78b652d9d788d957fff8700d9ec7294cced964962411114333ecc0365f30b9ed5b02bd21e43a214d10bcc03c9f44732fa9d
-
SSDEEP
12288:pA5iB0Opa8o7k0yMpuNzrq5hhcSqVRYIwHott85c3t4JhZ:pA567DdMgNzrijewxHinID
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-