General
-
Target
83623041d172ae26ce337fe4dcaa6696b254aa88d56c288960ac353c7fa07c3d
-
Size
758KB
-
Sample
231206-dzzg9aag95
-
MD5
67d7618982db0fa839f05dd9188a2f6e
-
SHA1
6efff498ff117a20cb65d0e2a99b1df7748fe79d
-
SHA256
83623041d172ae26ce337fe4dcaa6696b254aa88d56c288960ac353c7fa07c3d
-
SHA512
56bb6b6440f9fc67137b825c3511e4dd98987f9c45f93160a80bb3a63bea36ab1dfdb9069f36a162dbdd82ed2dfa073e7b4631c20bcce59be01f2e6a7ede2455
-
SSDEEP
12288:AUl5nF8SUb4YSlZFg0snznRwKQLM3Fe4M4t9lbXOAhH1pJdO8jCf/x4dqrlbZnK:TlubyZsn7Z3PM4t9xhL6HxHhbZnK
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.abi0expertise.com - Port:
587 - Username:
[email protected] - Password:
xiuYxQ5Qjvvo - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.abi0expertise.com - Port:
587 - Username:
[email protected] - Password:
xiuYxQ5Qjvvo
Targets
-
-
Target
RE NEW PURCHASE ORDER IM2311-99T_Rev,pdf.exe
-
Size
696KB
-
MD5
6398bb02b34145165929c3d2fe2f5bbc
-
SHA1
aeacaf10db684de9409c1c9a189ef6b2a5e96c6e
-
SHA256
6b738e452987595797cf0fa65d60a4ba63c8e4764ba14147482b63e83cd5a09a
-
SHA512
7b8eadb6b752ef7698a903fbfcdcd1476f72c54b07abce5a226899c3b20c8780cf4335c6d20c3d9697d041be7c7ba6359801716e06634b4eafbf82e4840a7f43
-
SSDEEP
12288:9Ul5nF8SUb4YSlZFg0snznRwKQLM3Fe4M4t9lbXOAhH1pJdO8jCf/x4dqrlbZnK:ylubyZsn7Z3PM4t9xhL6HxHhbZnK
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-