General
-
Target
1.exe
-
Size
164KB
-
Sample
231205-w1la5adh9t
-
MD5
e06b4b39fd3087fa167badf3017937e8
-
SHA1
bed9f297239520657f1d2902ad684fe2e080df31
-
SHA256
0f1c8a3bfaeb3510d11c4ab58231de540a70732f38c50a7b5f528580e6409eb0
-
SHA512
8b37a3d11f78e9356fbc84c96e7c7fe18105a0120ebd47f6369f4d32a063cc86106f1b640414e3d176b5768d812686de6c2bd83e46e78d264da502b0616cc40e
-
SSDEEP
3072:p0A3u0hCfiEYtWa9LLkXCJZTJaDG2Me0:pxuTfiEYtAXC92
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mailbuilderbuilder.com - Port:
587 - Username:
[email protected] - Password:
Alluminio.1 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mailbuilderbuilder.com - Port:
587 - Username:
[email protected] - Password:
Alluminio.1
Targets
-
-
Target
1.exe
-
Size
164KB
-
MD5
e06b4b39fd3087fa167badf3017937e8
-
SHA1
bed9f297239520657f1d2902ad684fe2e080df31
-
SHA256
0f1c8a3bfaeb3510d11c4ab58231de540a70732f38c50a7b5f528580e6409eb0
-
SHA512
8b37a3d11f78e9356fbc84c96e7c7fe18105a0120ebd47f6369f4d32a063cc86106f1b640414e3d176b5768d812686de6c2bd83e46e78d264da502b0616cc40e
-
SSDEEP
3072:p0A3u0hCfiEYtWa9LLkXCJZTJaDG2Me0:pxuTfiEYtAXC92
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-