General
-
Target
eea977d6c736325a557a0c31552c49c51399748fc138db772735109fb6510757.exe
-
Size
1.1MB
-
Sample
231202-k8lfbabc37
-
MD5
d6393631100d7160ca348397cb01943d
-
SHA1
3ff0803ae9fd31efc74bcb29006c1cbf29b03f75
-
SHA256
eea977d6c736325a557a0c31552c49c51399748fc138db772735109fb6510757
-
SHA512
efef9bd64c68757c762a2fdbeb21cc6fc504b85dfd4f468b13504b00b365b58cd83aad3dbbc1cc12c8688d74777d69d6e09685cc9310a0cd29885f6a74fea576
-
SSDEEP
24576:X1uC5JT92RkNSIXtzdf1ZOS0e42xWVYknV3G/Z:AKfRdtsS0e4GIV3GR
Malware Config
Extracted
Protocol: smtp- Host:
mail.asiaparadisehotel.com - Port:
587 - Username:
[email protected] - Password:
S,i*jv&Bj09k
Extracted
agenttesla
Protocol: smtp- Host:
mail.asiaparadisehotel.com - Port:
587 - Username:
[email protected] - Password:
S,i*jv&Bj09k - Email To:
[email protected]
Targets
-
-
Target
eea977d6c736325a557a0c31552c49c51399748fc138db772735109fb6510757.exe
-
Size
1.1MB
-
MD5
d6393631100d7160ca348397cb01943d
-
SHA1
3ff0803ae9fd31efc74bcb29006c1cbf29b03f75
-
SHA256
eea977d6c736325a557a0c31552c49c51399748fc138db772735109fb6510757
-
SHA512
efef9bd64c68757c762a2fdbeb21cc6fc504b85dfd4f468b13504b00b365b58cd83aad3dbbc1cc12c8688d74777d69d6e09685cc9310a0cd29885f6a74fea576
-
SSDEEP
24576:X1uC5JT92RkNSIXtzdf1ZOS0e42xWVYknV3G/Z:AKfRdtsS0e4GIV3GR
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect PureLogs payload
-
PureLogs
PureLogs is an infostealer written in C#.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-