General
-
Target
NEAS.afe0a1288c4168ac8cb545884732514e0427b9c227b97a81befbba07e9ffb4f3exe_JC.exe
-
Size
766KB
-
Sample
231023-whsmgsdf76
-
MD5
6a3dc50e03e59e381f3f64156606f999
-
SHA1
aa4aaf42fab376b621bca0d028c49f91242e80c3
-
SHA256
afe0a1288c4168ac8cb545884732514e0427b9c227b97a81befbba07e9ffb4f3
-
SHA512
fa9ca78cf76c75b50936e19030e0fa9f81315f9e4712ac38a6f4cc61044ca8e738f4d114065b338de68b892b6df551f59c8a28ab7d5bc8eb93ab543ea5ae14f3
-
SSDEEP
12288:yYOyL7s9lwDQqs/EjIBlurFojPJ+82nwh0u+t6U4XZcXO8TTPuoXwJGdLy0PYdGt:yYDL7s9lpqsAIBlOFojPJFTrkZ4XZc7T
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.fbarrachina.com - Port:
587 - Username:
[email protected] - Password:
Ca$tellon2020a - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.fbarrachina.com - Port:
587 - Username:
[email protected] - Password:
Ca$tellon2020a
Targets
-
-
Target
NEAS.afe0a1288c4168ac8cb545884732514e0427b9c227b97a81befbba07e9ffb4f3exe_JC.exe
-
Size
766KB
-
MD5
6a3dc50e03e59e381f3f64156606f999
-
SHA1
aa4aaf42fab376b621bca0d028c49f91242e80c3
-
SHA256
afe0a1288c4168ac8cb545884732514e0427b9c227b97a81befbba07e9ffb4f3
-
SHA512
fa9ca78cf76c75b50936e19030e0fa9f81315f9e4712ac38a6f4cc61044ca8e738f4d114065b338de68b892b6df551f59c8a28ab7d5bc8eb93ab543ea5ae14f3
-
SSDEEP
12288:yYOyL7s9lwDQqs/EjIBlurFojPJ+82nwh0u+t6U4XZcXO8TTPuoXwJGdLy0PYdGt:yYDL7s9lpqsAIBlOFojPJFTrkZ4XZc7T
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-