General
-
Target
7ed592ca3b563e84ebe4bfd7f137e4d659c08dd1d470bd8958ff8abb4d1414de
-
Size
671KB
-
Sample
231205-f3rb6ahf83
-
MD5
baea62c8554f6d0bb497fdaf36fdd1ee
-
SHA1
6d7811cb718718fe3f2dce3f4a3f2b86dfb5ea1f
-
SHA256
7ed592ca3b563e84ebe4bfd7f137e4d659c08dd1d470bd8958ff8abb4d1414de
-
SHA512
c2928c1dc68fe913e41b430b069f1935677cc9fad152e548ce71f492c1ef2476436f59360f7c6827be09249f8074a33851df591e71186339b9d7dcb7106de046
-
SSDEEP
12288:tGa6oNIq8a1j0DE2B+2WKjzzhIJFqwkU5KsAn3gBsuyUtTxZcPgPzT+:saBSba1j0E28SH2JcwelwGVUGgPm
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gimpex-imerys.com - Port:
587 - Username:
[email protected] - Password:
h45ZVRb6(IMF - Email To:
[email protected]
Targets
-
-
Target
BL and Parking List.exe
-
Size
695KB
-
MD5
44a926d288b22893f0804dcfef210bfa
-
SHA1
1abb651411567f4b270bcfcad748ebeecd39c411
-
SHA256
7c751a1b82481762ea096a998fd0e35ddb00bbd03df9784d09771be310951d2c
-
SHA512
0d3af18e3c0b313be85e4fbed71a8dddd39490878cd13a7a676545eec3c67b7575637397aae78d866ac98cc3e00699c8d89cae27789f83dcb3c51d7519d5ca80
-
SSDEEP
12288:kIl5nF85RD8ah1+dIZyRcwz73uVIJFqwsK5qsIn3gq1+EKi4dqrlbv:rlwgah1+fBHJcwajwq/7Hhbv
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-