General
-
Target
doc20242202025736.img
-
Size
1.2MB
-
Sample
240222-nzr4aahb27
-
MD5
7c04a6c4f18235424fb84fdc3cec0937
-
SHA1
7db2cb46083ecf04baecf6cd953d717b925cf4a6
-
SHA256
5c17ee4b38904d825ab3514f17c60f5806295367fb979d2ba23826a87c34dde1
-
SHA512
c1f7f4467b0fdf4d67a54254aa062a72d455d7d892d7520663f44b14cb19ac6746f86f2201f3701e23d635ce5196a155502e8f03e378c7cede2c48edd0f63041
-
SSDEEP
48:5/yVFtVnHirnnUYJodEdCSusUBFuSH3rqGMGc6:5/aVHirnUYJodEdCSuXBkSbqGMG
Malware Config
Extracted
Protocol: smtp- Host:
mail.knoow.net - Port:
587 - Username:
[email protected] - Password:
americanboy21@
Extracted
agenttesla
Protocol: smtp- Host:
mail.knoow.net - Port:
587 - Username:
[email protected] - Password:
americanboy21@ - Email To:
[email protected]
Targets
-
-
Target
doc20242202025736.bat
-
Size
913B
-
MD5
08568aa884540f8ba2361bf164964b60
-
SHA1
88c6b7c3d49993ca167437957939d1a933456054
-
SHA256
b2aa337b234dfa6d5e90b8b775c5df4f6d6a21e9968beae063de043991d7768c
-
SHA512
d260c49085af7ccd126de7a99b907ede6004d17f99495d1884ce161441fe1df5d5e5047b47695b7a8d644219f99acb3d384b6874d44371a898023e4ae8465f27
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-