General
-
Target
c1f4474f05a7c301daa67b4d63ea8a55.bin
-
Size
881KB
-
Sample
230330-cadzksaf57
-
MD5
fc418b1578a74d5b9b0d91c5c03e6c2c
-
SHA1
e451673d795806c60e5ccf8942f9ad701428a89e
-
SHA256
6314864357f7ad3beeec8b8ec1d9c316ad500e6f37348d70f09968669238fbb9
-
SHA512
3114c97941055b4d71a0f6cc082af141cc7ad5a70b9332e000a6a227eb4a67ad81d1c02c3ea17d973a8620cf75d919d33b40c4621d75fd55011bf0d841071b4f
-
SSDEEP
24576:R1b7ord2tna0GauX/v+FIHIrMtiHRdDwJ8hlsH:R1YrdlrOFGxtixpwkla
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
Admin2022# - Email To:
[email protected]
Targets
-
-
Target
df72b7a0b8c475e25cb621af85ad0e4ba952147ce6d287ffdb49aa878284a43d.exe
-
Size
1.0MB
-
MD5
c1f4474f05a7c301daa67b4d63ea8a55
-
SHA1
723fad37ce4a57c5b3ba958a2e0d05f801209dbf
-
SHA256
df72b7a0b8c475e25cb621af85ad0e4ba952147ce6d287ffdb49aa878284a43d
-
SHA512
9b1fa06714328032d1e87afdf9c5f7d8eb7e07f5cfe2a5b7437383c833c4dfb5e7b54a52901b0e5791061a6a903be22cd4e4f2bae485860b49cc4790f9212024
-
SSDEEP
24576:g5U6hLdFCsLdFGLdFmDNa9UbC+ACAJOC2XL/Lgn72pAVMv41:sTfFC4FuF4N2sCNJx27/uYv4
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-