General
Target: 5cdd4f6619e71d3502b5271eb75429a03727548deb1e720cf97131df9e9ec444
Size: 567KB
Sample: 231031-lggtgshb49
MD5: be1f49cf678e7c6a2df71192ec2db331
SHA1: f4e9923b2bde2e6b9d90ca6697a80ab05d8fbd31
SHA256: 5cdd4f6619e71d3502b5271eb75429a03727548deb1e720cf97131df9e9ec444
SHA512: 37e83d482eaa353cd0c75a3bcb94c533847cc3f27174538b0b455bfeb60754ada9decf4898202bfeebd383c7c772250a912fa51714b9384773c5a8eb2ee6af4f
SSDEEP: 12288:A4RHulMsSCK9U9qLSrj7/udHVfEMpDs4TAjvkUHNEGZT6xLHh:AuOl9SCK9U9qLSrj7mdHhTa6AwUnZTyB
Static task: static1
Behavioral task: behavioral1
Sample: Awb#3767658753 Awb# 7914840426- Documents.pdf.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: Awb#3767658753 Awb# 7914840426- Documents.pdf.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Loverboy@123
Email To: [email protected]
Targets
Target: Awb#3767658753 Awb# 7914840426- Documents.pdf.exe
Size: 586KB
MD5: 09bd26a99940619b261eb7dc030e2861
SHA1: dc52919e7220a9e10d90e4eff86f92b6b8997006
SHA256: 99fe3099044a3933d4018dee43aefbc5ae8f5b720a34e0562453f95fa70732ee
SHA512: d058acbf604bf8822081d9879bc326644e13a0b762dd411673353032486f7471131aea6dfb38d8aad2df3c1c4230ef264d08d103c7901d489f3847876b741395
SSDEEP: 12288:gFZpoaQPpr4GnZmPSN8zvbf8eYDsDieQrKs5wChctSjR1:g/QF4GnZmPVQeYsWjrZp1
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
Suspicious use of SetThreadContext