General
-
Target
f8cb5d6d15cc29e2fa8f5fa441440ab1.bin
-
Size
670KB
-
Sample
230902-cjmyvaaf5y
-
MD5
4d76685033f4975ed482d38598bff354
-
SHA1
106db6ee677a2a1b85ba6eeab7b839d77b4c1af9
-
SHA256
39958e9a542fc74e64b1d26ae62431236ce1704f51790bfc31a5d4a83b619712
-
SHA512
c785f4aac5d1c5d35779761c89bfc76d1d953ab705f570f46852522273f0954818e468d3232bd9ab632a86f1b6920cfc3308ec7b9227f63698de53a79de15b15
-
SSDEEP
12288:pol190UMOxAuRvAjr8Ve/0lx2L+zTDLopFJT7XbowmcstbMHDt4Cl9zp4K:pCfxAu+j4VFlx26H/EjH0cKbMjt4C3mK
Static task
static1
Behavioral task
behavioral1
Sample
faaa913f0d90b0848bb2ccb743fc3f14d93c21c0085b569dac67cbc14273624f.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
faaa913f0d90b0848bb2ccb743fc3f14d93c21c0085b569dac67cbc14273624f.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.sgbumperscar.com
Port: 587
Username: [email protected]
Password: tien3012m
Email To: [email protected]
Targets
-
-
Target
faaa913f0d90b0848bb2ccb743fc3f14d93c21c0085b569dac67cbc14273624f.exe
-
Size
805KB
-
MD5
f8cb5d6d15cc29e2fa8f5fa441440ab1
-
SHA1
4c4d0691d1921bddecaffc6a969e4c992a1b0022
-
SHA256
faaa913f0d90b0848bb2ccb743fc3f14d93c21c0085b569dac67cbc14273624f
-
SHA512
a616a717ee6638cf8344a63d48fcf2ffe0f02ce20f47b30f23c40abe45d2c6c2648b70addb13ae14f3468bd9813337441a8ad3873ab34e178021ce450891a19e
-
SSDEEP
24576:NUOPypIzgWUgZxIo6aqApySa+m3mHl67BnrE:NUOPypIzDUex79rpyiErE
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
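The extracted config above tells a responder exactly how this sample exfiltrates: SMTP to mail.sgbumperscar.com on port 587, authenticating with the listed password. The Python below is an added example (not part of the sandbox report and not the malware's own code) that turns the report into two checks: a hash match of a file buffer against the target's MD5/SHA1/SHA256, and a parser for SMTP AUTH LOGIN / AUTH PLAIN exchanges captured in the clear that flags a session using this sample's exfil password or destination. The report masks the mailbox username, so the username in the constructed transcripts is a placeholder, and the transcripts themselves are constructed, not captured traffic.

```python
import base64
import hashlib

# Indicators copied from the report above: the AgentTesla SMTP exfiltration
# config the sandbox extracted, and the digests of the analysed executable.
EXFIL_HOST = "mail.sgbumperscar.com"
EXFIL_PORT = 587
EXFIL_PASSWORD = "tien3012m"
SAMPLE_HASHES = {
    "md5": "f8cb5d6d15cc29e2fa8f5fa441440ab1",
    "sha1": "4c4d0691d1921bddecaffc6a969e4c992a1b0022",
    "sha256": "faaa913f0d90b0848bb2ccb743fc3f14d93c21c0085b569dac67cbc14273624f",
}
# The report masks the mailbox name, so this username is a placeholder
# (assumption), used only to build the constructed sessions further down.
PLACEHOLDER_USER = "user@example.invalid"


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a buffer, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def match_sample(data: bytes) -> set:
    """Names of the algorithms whose digest of `data` equals the report's value.
    An empty set means the buffer is not the analysed executable."""
    digests = hash_bytes(data)
    return {name for name, expected in SAMPLE_HASHES.items() if digests[name] == expected}


def _b64_text(field: str) -> str:
    return base64.b64decode(field).decode("utf-8", "replace")


def parse_smtp_auth(session: str):
    """Recover (username, password) from an SMTP AUTH exchange captured in the clear.

    `session` is a transcript with 'C: ' (client) and 'S: ' (server) prefixes.
    Two mechanisms are handled, the ones a .NET SmtpClient typically negotiates:
      AUTH LOGIN  - username and password arrive as two base64 lines (the username
                    may also be appended to the AUTH command itself)
      AUTH PLAIN  - a single base64 blob of "\\0username\\0password"
    Returns None when the transcript contains no usable AUTH exchange.
    """
    client = [ln[3:].strip() for ln in session.splitlines() if ln.startswith("C: ")]
    for i, line in enumerate(client):
        words = line.split()
        if not words or words[0].upper() != "AUTH":
            continue
        mech = words[1].upper() if len(words) > 1 else ""
        following = client[i + 1:]  # the client's next lines; base64 continuations come first
        if mech == "LOGIN":
            fields = words[2:] + following
            if len(fields) >= 2:
                return _b64_text(fields[0]), _b64_text(fields[1])
        elif mech == "PLAIN":
            blob = words[2] if len(words) > 2 else (following[0] if following else "")
            parts = base64.b64decode(blob).split(b"\x00")
            if len(parts) == 3:  # authzid, authcid, password
                return parts[1].decode("utf-8", "replace"), parts[2].decode("utf-8", "replace")
    return None


def classify_session(session: str, dst_host: str, dst_port: int) -> list:
    """Reasons a captured SMTP session matches this sample's exfil config."""
    reasons = []
    if dst_host.lower() == EXFIL_HOST and dst_port == EXFIL_PORT:
        reasons.append("exfil_host_port")
    creds = parse_smtp_auth(session)
    if creds is not None and creds[1] == EXFIL_PASSWORD:
        reasons.append("exfil_password")
    return reasons


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


# Constructed transcripts (not captured traffic) of the login phase the sample
# would perform against the configured mailbox if AUTH happens before STARTTLS.
SAMPLE_SESSION_LOGIN = "\n".join([
    "S: 220 mail.sgbumperscar.com ESMTP",
    "C: EHLO DESKTOP-CONSTRUCTED",
    "S: 250-mail.sgbumperscar.com",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",  # base64("Username:")
    "C: " + _b64(PLACEHOLDER_USER),
    "S: 334 UGFzc3dvcmQ6",  # base64("Password:")
    "C: " + _b64(EXFIL_PASSWORD),
    "S: 235 2.7.0 Authentication successful",
    "C: MAIL FROM:<" + PLACEHOLDER_USER + ">",
])
SAMPLE_SESSION_PLAIN = "\n".join([
    "S: 220 mail.sgbumperscar.com ESMTP",
    "C: EHLO DESKTOP-CONSTRUCTED",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH PLAIN " + _b64("\x00" + PLACEHOLDER_USER + "\x00" + EXFIL_PASSWORD),
    "S: 235 2.7.0 Authentication successful",
])

if __name__ == "__main__":
    for name, session in (("LOGIN", SAMPLE_SESSION_LOGIN), ("PLAIN", SAMPLE_SESSION_PLAIN)):
        print(name, parse_smtp_auth(session), classify_session(session, EXFIL_HOST, EXFIL_PORT))
```

The credential check only works when the client authenticates before upgrading the session with STARTTLS; when AUTH is sent inside TLS, the host/port match (or a DNS log hit for mail.sgbumperscar.com) is the indicator that remains. Treat the password as a short-lived indicator: the operator will rotate the mailbox once the sample is burned, while the hashes identify this build only.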