General
-
Target
810400151abc3b4720611355416884e908ea3bf489c5b3a70866a0b012afb04bexe.exe
-
Size
638KB
-
Sample
231207-x22j6sfg91
-
MD5
a660077cbfed754a0dcca39d62394482
-
SHA1
730639e3be1f23c2fc91146ea2b9255b512f64ba
-
SHA256
810400151abc3b4720611355416884e908ea3bf489c5b3a70866a0b012afb04b
-
SHA512
d06238133bad029eef2106ad614593cc1276b4eefd1ff01fcbf90273f1d99788261a046b6cd788b6e1559164a8af40289da059cd5820b5d99bd3173b2891cf36
-
SSDEEP
12288:SLrQaueH5qMEgpD6ZoYrOrkMw9Un2Xz53yoZAxtEJ/+d5cxdi2RnEzATUs99Cu6m:SLpqMtDQCkf9HG3c9REEQg9A05
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.abi0expertise.com - Port:
587 - Username:
[email protected] - Password:
Najwa1949! - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.abi0expertise.com - Port:
587 - Username:
[email protected] - Password:
Najwa1949!
Targets
-
-
Target
810400151abc3b4720611355416884e908ea3bf489c5b3a70866a0b012afb04bexe.exe
-
Size
638KB
-
MD5
a660077cbfed754a0dcca39d62394482
-
SHA1
730639e3be1f23c2fc91146ea2b9255b512f64ba
-
SHA256
810400151abc3b4720611355416884e908ea3bf489c5b3a70866a0b012afb04b
-
SHA512
d06238133bad029eef2106ad614593cc1276b4eefd1ff01fcbf90273f1d99788261a046b6cd788b6e1559164a8af40289da059cd5820b5d99bd3173b2891cf36
-
SSDEEP
12288:SLrQaueH5qMEgpD6ZoYrOrkMw9Un2Xz53yoZAxtEJ/+d5cxdi2RnEzATUs99Cu6m:SLpqMtDQCkf9HG3c9REEQg9A05
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-