General
-
Target
639cd0b090f4459153355f5a090835a82451eb6028054ce030cf6366314fee20
-
Size
1.4MB
-
Sample
230403-m1vp5aeb92
-
MD5
5024700fd5f7e52bf567e82ebdb80e14
-
SHA1
e94620b0d5cbfb06e55a167f24ebd3df83f6d962
-
SHA256
639cd0b090f4459153355f5a090835a82451eb6028054ce030cf6366314fee20
-
SHA512
a1fb9b11951b6f6669c2eb191be5a43ea2147584c4897854a1cdadbb6b6c40f8b4c4e1522b99faef5cfbbdf33934a56fc2e0115fc466e20cd6c9ebaadba840c0
-
SSDEEP
12288:/eUclQtHUB7lceAvwDlidquEsc1Sa0Pyifu4XY5Z13VhpPlIX4cPMWgxeZwGmuTe:PquEsy0Pyifu4IlVhpP2MXeZS
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.agrimax.rs - Port:
587 - Username:
[email protected] - Password:
Dandiruya2017 - Email To:
[email protected]
Targets
-
-
Target
639cd0b090f4459153355f5a090835a82451eb6028054ce030cf6366314fee20
-
Size
1.4MB
-
MD5
5024700fd5f7e52bf567e82ebdb80e14
-
SHA1
e94620b0d5cbfb06e55a167f24ebd3df83f6d962
-
SHA256
639cd0b090f4459153355f5a090835a82451eb6028054ce030cf6366314fee20
-
SHA512
a1fb9b11951b6f6669c2eb191be5a43ea2147584c4897854a1cdadbb6b6c40f8b4c4e1522b99faef5cfbbdf33934a56fc2e0115fc466e20cd6c9ebaadba840c0
-
SSDEEP
12288:/eUclQtHUB7lceAvwDlidquEsc1Sa0Pyifu4XY5Z13VhpPlIX4cPMWgxeZwGmuTe:PquEsy0Pyifu4IlVhpP2MXeZS
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-