General
-
Target
0de1928c490a0779182cb380a7022f9c8ae22053f3b12a189428ac3883a368b6
-
Size
625KB
-
Sample
240309-ckwmdacd3x
-
MD5
03df3341993f19e0bece8433b46413ca
-
SHA1
5551824cf0eb341cfd5c37ec632977ebab612c90
-
SHA256
0de1928c490a0779182cb380a7022f9c8ae22053f3b12a189428ac3883a368b6
-
SHA512
ee09aa4f49ae74e0a742aed6c3a495507aea2f08c80cfbaac1fc58931622d16431531dd4111531b1db0bb9ae515b939f4ce1fa8001d9a3208b95a0a54bf68390
-
SSDEEP
12288:I5scxI3pB+4OJUR36gNxrswUHL5C+Q5K51SyyrwbyJfCz7WCzWr0:OscKa4DxNxr/Ur5J1SyebKuMo0
Static task
static1
Behavioral task
behavioral1
Sample
Design Qualification Protocol Sample.scr
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Design Qualification Protocol Sample.scr
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: gator3220.hostgator.com
Port: 587
Username: [email protected]
Password: PED6#3Y$hT!3V
Email To: [email protected]
Extracted
Protocol: smtp
Host: gator3220.hostgator.com
Port: 587
Username: [email protected]
Password: PED6#3Y$hT!3V
Targets
-
Target
Design Qualification Protocol Sample.scr
-
Size
643KB
-
MD5
fa50d7b731efadc0cacbb7030c3623cc
-
SHA1
60b2f4eef5cc5eff23fd30276af59ca05a21074c
-
SHA256
8def921018e2a30479b448409b1b3988907f25cedf6fe1dd98421040cee975e5
-
SHA512
a29c054b70770287e11cfbf69921885930c85acdaf859b85261b2e5de6484418c49c996e4230f17ce08fda6f975f7957d402e5a882c98b643aa9a2bd84e4e15a
-
SSDEEP
12288:QZFtImAFbXgUe279+aktIrhbJtMoUH0bu6xD5COQ5K5fSyYrwbyJ7Cj6s2VEu0Ij:A61FbXf1Zr1DVl57fSyAbm7nuDl
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of SetThreadContext
-