General
-
Target
6650242e9e46806b2db451d6125486eabc4b1bd7694759182ee2c6ad5b364a5b
-
Size
1.5MB
-
Sample
231209-cf99zaffd5
-
MD5
a9fe84657de4396d62925b7e8930e18a
-
SHA1
25516973bb4d8491748785d031447e58d594440b
-
SHA256
6650242e9e46806b2db451d6125486eabc4b1bd7694759182ee2c6ad5b364a5b
-
SHA512
106bda7b9453a25d9cddc179b44fb49c61d0cd24c097dfe6a4d9fe390d3c37403c653428cf12e02b4e4907bca4df0781dbb0caf3bd72635644485826c63c830a
-
SSDEEP
24576:bqsj4VDZCwlN64PDF/svGe/6djUqlv2z8W7:bzjs/lNvCOeSxUqt2zl7
Malware Config
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
Starwings@@586
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
Starwings@@586 - Email To:
[email protected]
Targets
-
-
Target
6650242e9e46806b2db451d6125486eabc4b1bd7694759182ee2c6ad5b364a5b
-
Size
1.5MB
-
MD5
a9fe84657de4396d62925b7e8930e18a
-
SHA1
25516973bb4d8491748785d031447e58d594440b
-
SHA256
6650242e9e46806b2db451d6125486eabc4b1bd7694759182ee2c6ad5b364a5b
-
SHA512
106bda7b9453a25d9cddc179b44fb49c61d0cd24c097dfe6a4d9fe390d3c37403c653428cf12e02b4e4907bca4df0781dbb0caf3bd72635644485826c63c830a
-
SSDEEP
24576:bqsj4VDZCwlN64PDF/svGe/6djUqlv2z8W7:bzjs/lNvCOeSxUqt2zl7
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect PureCrypter injector
-
Detect ZGRat V1
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-