General
-
Target
d8cc9e5cf515115a9aff0d6bac1216b04013ef139f21fee0312c66b92a3ea386
-
Size
478KB
-
Sample
231202-bel1bahb3x
-
MD5
89e0523e70e5fb5418a0f0f1cd17e61a
-
SHA1
8ad73a0994554f8f0a500a39cb46605ae7a26e42
-
SHA256
d8cc9e5cf515115a9aff0d6bac1216b04013ef139f21fee0312c66b92a3ea386
-
SHA512
e2f4301bd6c093bde61894254244ba5184696e408375eb37ac3cce395448ee9f42c297052ada0e31597f8260d2817119e47c13639c9c0bdd5482e8f569c428de
-
SSDEEP
6144:E7XEhgANGThYl152Jnu9u95ik0uZWRQ6uX7Ee/AnBDxq6Tlv2222+v8WEjeNplzQ:ZhgANZl1SuMLikaI7TIxq6c
Malware Config
Extracted
Protocol: smtp- Host:
meka.ldc.lv - Port:
587 - Username:
[email protected] - Password:
DJj8Mza7MM
Extracted
agenttesla
Protocol: smtp- Host:
meka.ldc.lv - Port:
587 - Username:
[email protected] - Password:
DJj8Mza7MM - Email To:
[email protected]
Targets
-
-
Target
Ldnot.exe
-
Size
428KB
-
MD5
9ab42dab7f35c8d542ad44e9e6c0f0ca
-
SHA1
a6f0aa4fd5141c92cb506a77b1c3604c7a60d608
-
SHA256
2cdcc1d29030507ba28587a131f8b98b8c2ae4834524b5e1b584937ce0527ef6
-
SHA512
fe7ca1ace6cbd1a410fc96d3f92e19a53f0d7b46cfe458ab076b2fd59704e7a1d72833526a78b1c5a469e961f5735b8874c00fdaf11fa097a8e99db55f5661d8
-
SSDEEP
6144:Q7XEhgANGThYl152Jnu9u95ik0uZWRQ6uX7Ee/AnBDxq6Tlv2222+v8WEjeNplzQ:thgANZl1SuMLikaI7TIxq6c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-