General
-
Target
f6953f4a345ddd27da942fa4409003699c1e831d6add24698697c4f325f0b151
-
Size
672KB
-
Sample
231205-wfcs9ade3v
-
MD5
f5332ba68daf19364e482294214d7b06
-
SHA1
60cd4dcf87657a5f666037193fc8220bddc51687
-
SHA256
f6953f4a345ddd27da942fa4409003699c1e831d6add24698697c4f325f0b151
-
SHA512
9024d8cf037c7f1a6f1f5dfd3c879cc24eabd362f6ac3e4b3089bd07de42c675e7c2d8a4efd9d7a201b2e1fda6eca15141e42752cc460582fb0642aeec28d935
-
SSDEEP
12288:hTmt90fSgwP7WZ1rvvhI4e1+8nZVDSJUHwmUinwddF1KEFSJRar8yF:Vmvxpex3hBeVZVDCUHI31vkRh4
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tecnosilos.com.py - Port:
587 - Username:
[email protected] - Password:
dX,@;SPvm;h{ - Email To:
[email protected]
Targets
-
-
Target
INVOICE.exe
-
Size
697KB
-
MD5
ba367cc4cfb9f9b18f2a776ffa4fc4aa
-
SHA1
204d17e23d81391809aab7e857b7a918f790fa98
-
SHA256
9fdc30c0a41d836508108bd98ce5176a6739f8ef4c0395bb81e8d85fe670d86f
-
SHA512
ab376384d3289fa54cfe4543b998abbe280d68e74b2e110827df239208c21a1ad0820df28471248590f83167c438be5c3d2db7fa0e6c3e6deaf62b310b559345
-
SSDEEP
12288:Ubl5nF8teO9wP7uZ15vvFIY1Z+1OBhDe4CTrTVMK9XC+iinnjhZj4dqrlbJ:4l+eOq+r3Fl141OBle4C5hfnzHhbJ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-