General
-
Target
5dd1b73f67d6ddad423e75348e76cebc6aa1bed5437cdc22ad81f716ed3090f8
-
Size
1.2MB
-
Sample
231207-cw99xaadf5
-
MD5
280f4aa605f2df1e66b677103578e15c
-
SHA1
312f47f32ff1f9af07d64a2dc108bf85872a0923
-
SHA256
5dd1b73f67d6ddad423e75348e76cebc6aa1bed5437cdc22ad81f716ed3090f8
-
SHA512
1a6571761a13226f232441ff4820d585e7dd2ad946ace5f764fcd002e3173b50834f0695d78f61d55e9c2285c8cbcdb009f27c4c071d1af9b70f516428144917
-
SSDEEP
12288:DueH5q9T7vB5DaHvvqvjsguQL3/7c/CaesrEAfZJ7BU/X:hqp7J5DasIgn3/7JIEMZJ7BUv
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.etiketten.com.tr - Port:
587 - Username:
[email protected] - Password:
Satis2022+*! - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.etiketten.com.tr - Port:
587 - Username:
[email protected] - Password:
Satis2022+*!
Targets
-
-
Target
REMITTAN.EXE
-
Size
695KB
-
MD5
31551a88926803c70a9e980221e78725
-
SHA1
dd084cf17da2d7b527d6155277951f6c2cc39e53
-
SHA256
60dac627fbdc535bbe16d77f574a17deae993bf0b70e0ca445bea798e8e62e91
-
SHA512
9685c9a31bc7315ced6e00aa48ab11487d865d94e99b8dc100c887a8703c2d16151dc7af704ced6f339d61c17a3a44921fa5139c4c6e44204a3b5d692893db73
-
SSDEEP
12288:NueH5q9T7vB5DaHvvqvjsguQL3/7c/CaesrEAfZJ7BU/X:7qp7J5DasIgn3/7JIEMZJ7BUv
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-