General
-
Target
SWIFT MT103-500M003.exe
-
Size
1001KB
-
Sample
230329-qdsh2agd56
-
MD5
cde8b54edcafe4791b3f08edbba15b38
-
SHA1
67d0f6373b599da1cb2e26ddd084f83f187b4977
-
SHA256
7ad3b811ac7212428b59433dd410b9e3413d0a5df031f7f68408dfc4aac61985
-
SHA512
699a0b761f9d3479abf1060719a7d4d920282b57aac573808da1169a5939f519db9c3e5a656b436ddc363e433b2ca62a64471810778eb7aa10ca1ad92579e85b
-
SSDEEP
24576:au12zVZ97Rl+QuZCYyKg8Zgp2DjmTqzFxvzn4/zO62b8+:auAR37mQYWK/ZGAjmTczraOD
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.maskanikenya.co.ke - Port:
587 - Username:
[email protected] - Password:
H6@RTnNl@_=B - Email To:
[email protected]
Targets
-
-
Target
SWIFT MT103-500M003.exe
-
Size
1001KB
-
MD5
cde8b54edcafe4791b3f08edbba15b38
-
SHA1
67d0f6373b599da1cb2e26ddd084f83f187b4977
-
SHA256
7ad3b811ac7212428b59433dd410b9e3413d0a5df031f7f68408dfc4aac61985
-
SHA512
699a0b761f9d3479abf1060719a7d4d920282b57aac573808da1169a5939f519db9c3e5a656b436ddc363e433b2ca62a64471810778eb7aa10ca1ad92579e85b
-
SSDEEP
24576:au12zVZ97Rl+QuZCYyKg8Zgp2DjmTqzFxvzn4/zO62b8+:auAR37mQYWK/ZGAjmTczraOD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-