General
- Target: EE08714CF38B01D2458D13AA8D3B70EAD136466E6B36261FE79424DE657A4351
- Size: 1.2MB
- Sample: 230718-zkl49sdh45
- MD5: 860a3b6bedd96a71c667c1503d3b6bdd
- SHA1: afd2fdfffe0af36fe37bb91683c037b9d5650b73
- SHA256: ee08714cf38b01d2458d13aa8d3b70ead136466e6b36261fe79424de657a4351
- SHA512: 8474b7871c738ee3b54a3bf67f80f96e26c5623c9c6f985ca4ccc404e9242700c9311dcf110796f7de9932433469e1df1d680a9e55909c859d108197ba33b5dd
- SSDEEP: 12288:T+n1snuX6URSCHjC9tZG0ij6oOB6jnjIZTv2tUs:ruqZCGtZGTjjjjED2t
Static task: static1

Behavioral task: behavioral1
- Sample: PO_____3.exe
- Resource: win7-20230712-en

Behavioral task: behavioral2
- Sample: PO_____3.exe
- Resource: win10v2004-20230703-en
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: mail.ungaplc.com
- Port: 587
- Username: [email protected]
- Password: Maco@2022@
- Email To: [email protected]
Targets
- Target: PO_____3.EXE
- Size: 618KB
- MD5: 90ce31b83a2e32d45b28e7b44f033af3
- SHA1: 2226af1a88815cee0c03b221797af7960585ef7f
- SHA256: e454dc6dafc9e8e7d94c1a3ff2e4b4bbf79201093be684a4206f23cff6664244
- SHA512: 805661f7c74fadfe34d1e6c3405d78812dc4c0655d144f7e87e840a2a18fb37d4a386cc7835fb6240f96f7a21d250d981cb578fd2e92814d0d2dc5056fef6b46
- SSDEEP: 12288:A+n1snuX6URSCHjC9tZG0ij6oOB6jnjIZTv2tUs:suqZCGtZGTjjjjED2t
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext