General
-
Target
4faea3aa03a42594a3ec96f2dfbfe5942e2d733bba9fa3e40006aabf8a849621
-
Size
862KB
-
Sample
231206-c398gsad54
-
MD5
5f328c2d2c3a63a5ab15298c30d8d80b
-
SHA1
44a314d00a434eabb24f446673dc5624988b188a
-
SHA256
4faea3aa03a42594a3ec96f2dfbfe5942e2d733bba9fa3e40006aabf8a849621
-
SHA512
8e6c38f3dcb9e76dc70558fa311d19f3806fb93a3a3605e99b99f5ef50b8017d5b9124629a2bc1f2faf6b886b2fbcadb33dd4ca5dce823023b07810e24f8e6e8
-
SSDEEP
12288:LZKE6jD/62iNG5nF8dB5dPUdrtWe5QBvDRWTMQvEloqCiErdF9rIhF:LZKtD/61I2l8psb8gJ6hrIhF
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
gtasportsltd.com - Port:
587 - Username:
[email protected] - Password:
Godwillmakeaway2day - Email To:
[email protected]
Targets
-
-
Target
Payment Advice - Advice RefGLV626201911 Priority payment_Pdf__.exe
-
Size
801KB
-
MD5
9d97b764c4d9af6d6c75592bb14518b2
-
SHA1
3697f7d23a1c89c834f2d9ad20df389a4ab68ee5
-
SHA256
242145aac35df3f97a6929f8d6f2536d380de86d926e8e42a8129222cdcda2e8
-
SHA512
13281cf03fdeafe9052e7a5187008e72432f5da3bf3be65366c07310337ab3e04cece0563a17d0c90853560da15f3e6d357ce0e0703837015ffdc302a7d136df
-
SSDEEP
12288:nZKE6jD/62iNG5nF8dB5dPUdrtWe5QBvDRWTMQvEloqCiErdF9rIhF:nZKtD/61I2l8psb8gJ6hrIhF
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-