General
-
Target
160d0356566a52dedd00c17f3e01854154d5de2eafbdc2ac5aa5165649570872
-
Size
812KB
-
Sample
231205-wakxnsea32
-
MD5
d84560a7a3b12ca11b085ef7a65397e1
-
SHA1
389afd9cb62cdf633b895be7af97883c0e0c10fb
-
SHA256
160d0356566a52dedd00c17f3e01854154d5de2eafbdc2ac5aa5165649570872
-
SHA512
7d7afaa8569c8da8368972c556f8c1b9313afed783332db900a2ccab1e8e8c2abe32a90769f7e698d047d7bdbc73a8edaa15bed90afdfb75722e238a0cd21846
-
SSDEEP
12288:OWcQtW8G34/uK45+po20lTslOmIy07PiANoUzaPM5Iy+v9HkwaNJEmPkVK+QqdH3:E34/up+pJ0V1MI6UziW+VaMm8V4AHGG
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tecnosilos.com.py - Port:
587 - Username:
[email protected] - Password:
wY],Z[mo8kxz - Email To:
[email protected]
Targets
-
-
Target
160d0356566a52dedd00c17f3e01854154d5de2eafbdc2ac5aa5165649570872
-
Size
812KB
-
MD5
d84560a7a3b12ca11b085ef7a65397e1
-
SHA1
389afd9cb62cdf633b895be7af97883c0e0c10fb
-
SHA256
160d0356566a52dedd00c17f3e01854154d5de2eafbdc2ac5aa5165649570872
-
SHA512
7d7afaa8569c8da8368972c556f8c1b9313afed783332db900a2ccab1e8e8c2abe32a90769f7e698d047d7bdbc73a8edaa15bed90afdfb75722e238a0cd21846
-
SSDEEP
12288:OWcQtW8G34/uK45+po20lTslOmIy07PiANoUzaPM5Iy+v9HkwaNJEmPkVK+QqdH3:E34/up+pJ0V1MI6UziW+VaMm8V4AHGG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-