General
-
Target
07ac37ca4d076f2f40fa87c4e8a018b6efe6a2d613309b82099227e5d517fb2c
-
Size
728KB
-
Sample
231204-xy5gnaee2t
-
MD5
68b4b8747a8816559c88fdaa2b41759d
-
SHA1
57a96925ca49e25bdb954d14015c27fbcda27c25
-
SHA256
07ac37ca4d076f2f40fa87c4e8a018b6efe6a2d613309b82099227e5d517fb2c
-
SHA512
755ab0f3551fb7c5f74552bf1044bc9b99f959d7fa49fc22c1d2c05a13721b9a7b0b3eef75ec7cf0d2f0a991dff35abb4e86e19d66a863969998d0ddd41d882b
-
SSDEEP
12288:uiOcczFh1bgPym3vhMO1bCJxRoL63cFb7HacE5U8gdGD2JDxeHjoX3lKY4bEjhz/:u8eF0NZhRCJvo+ub7Hs5U8mGixy0X1Ku
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.lubdub.com - Port:
587 - Username:
[email protected] - Password:
J-y!2e_fWMH_XP8F_008 - Email To:
[email protected]
Targets
-
-
Target
Bank Slip.exe
-
Size
812KB
-
MD5
0eca1ff62f8625aa1c0489462855d6fe
-
SHA1
4d9e6bb1d05523c70ed92a94eeed74c034aa2086
-
SHA256
340d16854967a7c5d1b613d471f0b0c0ace3c88e26a38318b754df75a5638f33
-
SHA512
9a16d88734e085d538c94cf2e263c47cc93fdd6d006ed63677522658a6c57146d731ee8bc6414011b222bcb5a04800db14be96290beab865f4c03cb3d219ec3d
-
SSDEEP
12288:e3WDtW8G34/uK45+po2kCMe96riKpJlnbRL/m5UogjGD2JzxeHloX3lKX5JIr0:C34/up+pJkfriKPS5UoiGiByuX1KX
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-