General
-
Target
100a83ff6c78efd8b2918eb15678c5a3bd8734f229552a43292730f935cc7b30
-
Size
394KB
-
Sample
230918-e8f8psfa5y
-
MD5
3762bde5560382c7f48d04357c25a580
-
SHA1
5c3443fcdf050dcf931248ce1eaa808b449e3246
-
SHA256
100a83ff6c78efd8b2918eb15678c5a3bd8734f229552a43292730f935cc7b30
-
SHA512
87bea6c1f6368ed82baa0e1515a5f80ee4657a0f5ac29899d8aca21d0c255aea609f491e74a70a56ff70daecf3e4ee92bfe02c08ee73c1e0887c1977c8a0558e
-
SSDEEP
12288:6EcOdQo2riGtk54d+n/DGpcSxm9rTcCwTC5PvD:X9dQo2riGtTg/6+rTcCwTCZvD
Malware Config
Extracted
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$
Extracted
agenttesla
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Targets
-
-
Target
PO 02+03.23-N,xlsx.exe
-
Size
484KB
-
MD5
8ea38b02149447682043acd76439fa07
-
SHA1
1306a0d25eaf46a691ee501eaa88087ba057476f
-
SHA256
dfceb97965308ad23dbd5ead74328927de58d65a75a01359f76e1a10d35ec51e
-
SHA512
efa330b95aab250a48fccd356d5f82292831917bd34304bdf0e3fc2cea35bb2a8dfb3dd5bc626c28c509e1b3782bf224f9a818b04b2c82e1496e644ad129f62b
-
SSDEEP
12288:QMB2tuGtk547+n/DgPcaxmHrTeSwra5PvTvv:QrkGtT6/MqrTeSwraZvT
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-