General
-
Target
0cb2b256536f28c9554963f9a2ec2d00f558356c5b8ce6a06af2bd831d200250
-
Size
553KB
-
Sample
231206-pnppfsef96
-
MD5
5c60712a3b64c14e06cfee7e2242e3b5
-
SHA1
9b727109fe311a4a962b54ff52ab5006650fe043
-
SHA256
0cb2b256536f28c9554963f9a2ec2d00f558356c5b8ce6a06af2bd831d200250
-
SHA512
834dc4e35eb32117534573c5da8e7e165960d83795f0daddd0870d61e1d7b9768eb0d50c7ac22118f835fef3757526008e9ecfd2ecfcb10d4ebf83429f340776
-
SSDEEP
12288:NKBlLQVIui+PAW7N+IEb6KRRFB6SxioGfBAzo3KEf9qpqAm:I3QVvi+P3+IuPfGfGozEq7
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.worlorderbillions.top - Port:
587 - Username:
[email protected] - Password:
@qwerty90123 - Email To:
[email protected]
Targets
-
-
Target
AFX_909388388382772883.jpg.bat
-
Size
621KB
-
MD5
209267b5decf170fdc25565e0d86a5d2
-
SHA1
a96b5e85c76e518534c59a849ec45e129c1597a9
-
SHA256
0a109b2fcbb4ceae58549963c3c7ba7444763b9c9536323e95d90116cd78f809
-
SHA512
2e1fc8466a4c4a773845a4c2d378d2e2fc427c56f820eef6d9f0c1fc6d216c6fb17c6ed1c278798c2772db87bb3382bef6a74337eb538519bf15d9b70cd34890
-
SSDEEP
12288:tknueH5qxiaH9god9j5199wXRusYfB6CxNK6PRW:6Vqxi8yqB510R4Zw
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-