General
- Target: 18a014f609a3c4e28caf6e39ec90676d.bin
- Size: 696KB
- Sample: 230523-bjerssea9w
- MD5: d0d13e9b2f9363edb3847a26b8ad2e9c
- SHA1: 6016015a61e87da17fbd6dea6cf8cf721b763005
- SHA256: 083dbfdb0da7703bcce830aec47ec2580c35c6f706dd4b6685e06423af97cb52
- SHA512: a61e6d5b9064ac0e61b2670ec6e436bdbef9cf3c0733bb92c4fe0076c275f1fa4bdac6d4c2fca015403b5637da49c3b2e97b6003b00fbac431dd46d1ca127d44
- SSDEEP: 12288:NbcNjACaRdQpW7bHI5I8fulYDF+MymVWJP5k3/oZBtNKNlUE4tmAvEPv6zK5SUHS:pdLRWso5I9lKxRN3oylU6AvEK25SUHeb
Static task: static1
Behavioral task: behavioral1
- Sample: 9dcbee0454cf7f6645f8d0dc63edc727c16d6d8c6bbf60f5e1980b41339ac441.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 9dcbee0454cf7f6645f8d0dc63edc727c16d6d8c6bbf60f5e1980b41339ac441.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.wrnj.com
- Port: 587
- Username: [email protected]
- Password: Rnj@899889
- Email To: [email protected]
Targets
- Target: 9dcbee0454cf7f6645f8d0dc63edc727c16d6d8c6bbf60f5e1980b41339ac441.exe
- Size: 884KB
- MD5: 18a014f609a3c4e28caf6e39ec90676d
- SHA1: 90aa0eb8cdff811717f3357618d502ae37eb1f64
- SHA256: 9dcbee0454cf7f6645f8d0dc63edc727c16d6d8c6bbf60f5e1980b41339ac441
- SHA512: c3f5faadd4bb5c40c2d67beb7cf3de81eacf08d7df01f3a4c9849f3bb21f805e820c3d640a0cf591e7bdc9b60e6d10611ffa0536a6176f4d1618676ad933e92f
- SSDEEP: 12288:q00cJLpNaPn0YPX/N5ZHDLyfNwVHiHK3U/xKiQqqYvxjo8IueBHYYQr9G2GqVD10:T0c8P0aZ6aSxK7GzIuYYVrYqo
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext