General
-
Target
18ff7446c538ea6c96f148a12b2a214f9823d7e4061c2f3d350cd81e6a8de8c5.zip
-
Size
604KB
-
Sample
231203-w5yr1seb63
-
MD5
d5b6e2b4ece2ef0f35bf4bc6a5d2fca9
-
SHA1
7a0f0a836a35fdc3f0f62b006a0f64d700562ea0
-
SHA256
39d7bbd770f907ef29adc4842c3bf4e568d94e725f41fa4cbd3ab773fc3a7547
-
SHA512
fa023bd1e005d9101ebb67d91bfba50bf58b53338024a6b5093f4e6ee97e98c07cb45fd2f4e4a92f92e399723a37ae9180fda7e39b421fd6ac511fb0458dc361
-
SSDEEP
12288:RiJcyxwvTXS9h1NgkRo5H0PjGBgIihgFrUrsknePrW:YJHJh1N+5HWGeRyFrUrBeDW
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.worlorderbillions.top - Port:
587 - Username:
[email protected] - Password:
Zcj,hK*0y{mA - Email To:
[email protected]
Targets
-
-
Target
18ff7446c538ea6c96f148a12b2a214f9823d7e4061c2f3d350cd81e6a8de8c5.exe
-
Size
689KB
-
MD5
3c6b3c50afec4a49e616569559d4a749
-
SHA1
9f5844d3f48eee948e371d4f527b4459b3323f73
-
SHA256
18ff7446c538ea6c96f148a12b2a214f9823d7e4061c2f3d350cd81e6a8de8c5
-
SHA512
4f12fee3499145d457058690ab7c4ec280d7fea46eb5113dc3e970b3efc3f3e0637a6e227e6917672c62a6615fed016235c92b5b8135d1021660fa1b33055765
-
SSDEEP
12288:wq8o4AJwATF0VN+B+xMuWIatYJrcAlZS/XJjxAl/LLOEiYFtY:UIhTF0VxMqJXMXJNAlDLO8FG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-