General
Target: 44F1350786328081F837EBFBF7287138AD597285087EF62BC6BA72ABC8AC80A2
Size: 1.4MB
Sample: 230518-rw8hmsce57
MD5: 12d51ed514369ed5e670233d510d5864
SHA1: fa020e6121938e900b6e3f3a41f26d46842e39a0
SHA256: 44f1350786328081f837ebfbf7287138ad597285087ef62bc6ba72abc8ac80a2
SHA512: bb0afb4d55e2539b453f9f2c164049d47236d1c6aded8611ab2342693bdd6b670b2a7866ba5e1b756d1b3e81b715f56932b2dfa429e345c96e0b27df2262b748
SSDEEP: 12288:o+FO8lpXU5ZkXJN/MXLNqLA94UaWh8sDZ42vgroU/LTNv6ViazIksVwLpVrEccES:4qLA2S8szvZCNvszZ0wnrvc5ofiv1U
Static task: static1
Behavioral task: behavioral1
Sample: ZAPLATA_.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: ZAPLATA_.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.woxi.cz
Port: 587
Username: [email protected]
Password: bg58gt
Email To: [email protected]
Targets
Target: ZAPLATA_.EXE
Size: 897KB
MD5: 329e03101e0fec36781faf86a5aaa792
SHA1: 49c0ad5e64a233457cdbef0453ad39384827ca07
SHA256: cdf98bf6fe9116cd690e0ce497a9562e32e862ef6e25a567ade5c971967d7a74
SHA512: 6aa1d84d135b006a631576763dca3ae018473131d58395e3660539c0c92cf377f71cb241d4a70c4b2bede1d9915e85952e276d31f1664b70ddcb26cd63c58d17
SSDEEP: 12288:d+FO8lpXU5ZkXJN/MXLNqLA94UaWh8sDZ42vgroU/LTNv6ViazIksVwLpVrEccES:PqLA2S8szvZCNvszZ0wnrvc5ofiv1U
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext