General
Target: 6055ed0fd8ff971bac51431a15863557d49da706f981f07649a0f61d1930584b
Size: 806KB
Sample: 240201-bzk9hsgec7
MD5: d3834931fdd47c01a1057f9f5b3e7e00
SHA1: c2cc8c0d43cfe9a2db9fcea591b8fafa2e561837
SHA256: 6055ed0fd8ff971bac51431a15863557d49da706f981f07649a0f61d1930584b
SHA512: 8629e47c64004e833f42a605d29cbe1674d488a2323c25645273600c80df671d24f6d4b8cea581c25877131f3a5156ca6e38ba1b58dc43ffd2452c915b33d6fb
SSDEEP: 12288:Lr8j8qshDzrErlnwc+94pQDjEWT9VgKrf14KO7XIG172yus:38bshjkCZcQDjEM3VdXVG16yu

Static task: static1
Behavioral task: behavioral1
Sample: 6GnG4wgn4lxEU7O.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 6GnG4wgn4lxEU7O.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.mediatrend.it
Port: 587
Username: [email protected]
Password: yYnR5QNj
Email To: [email protected]
Extracted:
Protocol: smtp
Host: mail.mediatrend.it
Port: 587
Username: [email protected]
Password: yYnR5QNj
Targets
Target: 6GnG4wgn4lxEU7O.exe
Size: 745KB
MD5: a8633ec9f74ca557891d82ca15b3a107
SHA1: e257d5ee7c8d6bc9e3926e8347ad19d57e83f760
SHA256: 9951a3e13277562e8315b82ecf40a0fe9c7e2d86946d19772b838ab0d2956469
SHA512: af21eb77530efa46097737f8c87133993a6786941f8efd10ab548f6e89261d7aca3047ea656260f1517526f82bc3a3b1ed71f41a48302668e9194b32d7d4b3ad
SSDEEP: 12288:Qr8j8qshDzrErlnwc+94pQDjEWT9VgKrf14KO7XIG172yus:Q8bshjkCZcQDjEM3VdXVG16yu
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. The extracted configuration above shows its exfiltration channel for this sample: authenticated SMTP to mail.mediatrend.it on port 587.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. On its own this is a weak indicator, since legitimate software queries the same services; it becomes meaningful in combination with the SMTP exfiltration configuration above.

Suspicious use of SetThreadContext
SetThreadContext on a suspended thread is the call that redirects execution in process-hollowing (RunPE) style injection. The report records only the API use, not the process it was applied to.
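The two behaviours flagged above (an external-IP lookup followed by an outbound SMTP connection on 587 from a process that is not a mail client) can be correlated in endpoint network logs. The following is an added example, not part of the sandbox report: it runs that correlation over constructed Sysmon-style network-connection events in the form `timestamp|host|image|destination|port`. The list of IP-lookup hostnames, the mail-client allowlist, the log format and the 10-minute window are assumptions for the example; only the sample name and mail.mediatrend.it come from the report.

```python
"""Correlate an external-IP web lookup with a later outbound SMTP connection
from the same process on the same host, the Agent Tesla pattern flagged in
the report above.  Added example; the log format, IP_LOOKUP_HOSTS,
MAIL_CLIENTS and WINDOW_MINUTES are assumptions, not from the report."""
from collections import defaultdict
from datetime import datetime, timedelta

# Public "what is my IP" services commonly queried by stealers (assumed list).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ipinfo.io",
}
SMTP_PORTS = {25, 465, 587}
# Processes expected to speak SMTP directly (assumed allowlist).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Maximum gap between the lookup and the SMTP connection (assumed).
WINDOW_MINUTES = 10

# Constructed network-connection events: ts|host|image|dst_host|dst_port.
# Only the first two lines model the sample from the report.
SAMPLE_EVENTS = [
    "2024-02-01T10:00:05|WS01|6GnG4wgn4lxEU7O.exe|api.ipify.org|80",
    "2024-02-01T10:00:09|WS01|6GnG4wgn4lxEU7O.exe|mail.mediatrend.it|587",
    "2024-02-01T10:01:00|WS01|outlook.exe|smtp.office365.com|587",   # allowlisted client
    "2024-02-01T10:02:00|WS02|chrome.exe|icanhazip.com|443",         # lookup, no SMTP
    "2024-02-01T10:03:00|WS03|backupagent.exe|mail.example.org|25",  # SMTP, no lookup
    "2024-02-01T09:30:00|WS04|updater.exe|ipinfo.io|443",            # lookup too early
    "2024-02-01T10:30:00|WS04|updater.exe|mail.example.org|587",     # 60 min later
]


def parse_event(line):
    """Split one constructed event line into a dict with typed fields."""
    ts, host, image, dst, port = line.split("|", 4)
    return {
        "ts": datetime.fromisoformat(ts),
        "host": host,
        "image": image.lower(),
        "dst": dst.lower(),
        "port": int(port),
    }


def find_exfil_chains(lines, window_minutes=WINDOW_MINUTES):
    """Return one finding per SMTP connection by a non-mail-client process
    that was preceded, within the window, by an IP-lookup request from the
    same (host, image) pair.  Events are processed in timestamp order, so a
    lookup that happens after the SMTP connection does not count."""
    window = timedelta(minutes=window_minutes)
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    lookups = defaultdict(list)   # (host, image) -> timestamps of lookups
    findings = []
    for ev in events:
        key = (ev["host"], ev["image"])
        if ev["dst"] in IP_LOOKUP_HOSTS:
            lookups[key].append(ev["ts"])
            continue
        if ev["port"] not in SMTP_PORTS or ev["image"] in MAIL_CLIENTS:
            continue
        recent = [t for t in lookups[key] if ev["ts"] - t <= window]
        if recent:
            findings.append({
                "host": ev["host"],
                "image": ev["image"],
                "smtp_dst": ev["dst"],
                "smtp_port": ev["port"],
                "lookup_ts": max(recent),
                "smtp_ts": ev["ts"],
            })
    return findings


if __name__ == "__main__":
    for f in find_exfil_chains(SAMPLE_EVENTS):
        print(f"{f['host']}: {f['image']} looked up its external IP at "
              f"{f['lookup_ts']:%H:%M:%S} then connected to "
              f"{f['smtp_dst']}:{f['smtp_port']} at {f['smtp_ts']:%H:%M:%S}")
```

Against the constructed events only the WS01 chain fires; the allowlisted mail client, the lookup without SMTP, the SMTP without a lookup and the stale lookup on WS04 are all suppressed. Widening the window to two hours makes the WS04 pair fire as well, which is the tuning knob to watch when deploying this against real telemetry.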