General
-
Target
48dd86811e1f1141a201935380a3f2319c4100098ac654465c755ded168beedf
-
Size
676KB
-
Sample
231202-cxh7tahd9w
-
MD5
abb70dd8e01b89abb8c249de5282023b
-
SHA1
2fcca1ff3c2c6f110f4db2cf9893025c2521821c
-
SHA256
48dd86811e1f1141a201935380a3f2319c4100098ac654465c755ded168beedf
-
SHA512
e1ad0dc5a87999a2e24ff085bce114ada642bc0c933a4e89cf1a64caabe1d5c447c59048c89f5aee0cba95c4c57453b8c7e0a91084c6d09e9ef9f406cda27e6d
-
SSDEEP
12288:eCj/JJIx5SiV5d4cSFdH7ZDNsed4ydZNGgwhm/biEuTaoDDryg:f/Js5SIdSFdbhNFNBwhksLDDWg
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.consultoraosp.com.ar - Port:
587 - Username:
[email protected] - Password:
mariana2023 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.consultoraosp.com.ar - Port:
587 - Username:
[email protected] - Password:
mariana2023
Targets
-
-
Target
48dd86811e1f1141a201935380a3f2319c4100098ac654465c755ded168beedf
-
Size
676KB
-
MD5
abb70dd8e01b89abb8c249de5282023b
-
SHA1
2fcca1ff3c2c6f110f4db2cf9893025c2521821c
-
SHA256
48dd86811e1f1141a201935380a3f2319c4100098ac654465c755ded168beedf
-
SHA512
e1ad0dc5a87999a2e24ff085bce114ada642bc0c933a4e89cf1a64caabe1d5c447c59048c89f5aee0cba95c4c57453b8c7e0a91084c6d09e9ef9f406cda27e6d
-
SSDEEP
12288:eCj/JJIx5SiV5d4cSFdH7ZDNsed4ydZNGgwhm/biEuTaoDDryg:f/Js5SIdSFdbhNFNBwhksLDDWg
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-