General
-
Target
INQUIRY 03746 SRC Project.7z
-
Size
205KB
-
Sample
230613-kw2lrsga7w
-
MD5
17c6f94dc4acfac723f606004b8dcfaf
-
SHA1
4022c09ea295b5fcdd61d7d7a0ae67ed818f9ea2
-
SHA256
04191cb74ce838e5e1d1bfd03430d0bb3b0ad338b5d68a6e994ca50f96a554c4
-
SHA512
d5560649bca9f5462ccc79321d5bce2014c6ca191ead34fcd860003110328276ff010b8b66a71a87139b3aa8f237a9dae3749f79e5520de10b2cd8ad6b97df00
-
SSDEEP
6144:scx6fUoSWozi28iaKU4NYIoWoH3mjZTnPtAB+D:scdWDeNYvn2BtAB4
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
ifeanyi@12
Targets
-
-
Target
INQUIRY 03746 SRC Project.com
-
Size
221KB
-
MD5
b0891e78e6ac318f7fe7f7c95210a1ca
-
SHA1
68787b0f335526a02796faff461bf94b526a3570
-
SHA256
746850633e9ffffd98dea2178e570537bdd30908bc9a07c58070e9186dc82074
-
SHA512
f354e76ec5f3a51b78a114d7c52977a3849a3b2318dcd26cfb0a619f26293678784bda2034f2ae22d15f248402fbbf0a28e59ae656c5532f1476e9b21a220a28
-
SSDEEP
6144:PYa64cgc4tb4NCUoSWozi28iHKU4NYIoyoH3mjZTnPsAB+S:PYucRNfWDtNYvz2BsABP
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-