General
-
Target
SHIPPING DOC.exe
-
Size
811KB
-
Sample
240313-qev1jsfc78
-
MD5
a53510c8abfed32dfb6f0765de3faf7b
-
SHA1
3ea41317b78988a213ce66656b2b2d417ea3626e
-
SHA256
4b39adbf8d3a4e2a5793014b4af4a4cb98d3a71c4a565dd20dc3a69928a84c72
-
SHA512
dbc9dfafb9dde32184060fd67c86df178f5eaf9365a5193ca2154d2889ed339cc4a585c929f9b9ba183a0a2bc2e40ca05c727a55b43ce260aca4b0c6987cfd30
-
SSDEEP
12288:ICsL4MhHwgG3htgIV3ZTVBWzfrBjnuWcD5UWoljR8J7HYXWG91EzJGU600qvDKhc:wo7fwluheWoljRqH1zJGprhvfg
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.elec-qatar.com - Port:
587 - Username:
[email protected] - Password:
MHabrar2019@# - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.elec-qatar.com - Port:
587 - Username:
[email protected] - Password:
MHabrar2019@#
Targets
-
-
Target
SHIPPING DOC.exe
-
Size
811KB
-
MD5
a53510c8abfed32dfb6f0765de3faf7b
-
SHA1
3ea41317b78988a213ce66656b2b2d417ea3626e
-
SHA256
4b39adbf8d3a4e2a5793014b4af4a4cb98d3a71c4a565dd20dc3a69928a84c72
-
SHA512
dbc9dfafb9dde32184060fd67c86df178f5eaf9365a5193ca2154d2889ed339cc4a585c929f9b9ba183a0a2bc2e40ca05c727a55b43ce260aca4b0c6987cfd30
-
SSDEEP
12288:ICsL4MhHwgG3htgIV3ZTVBWzfrBjnuWcD5UWoljR8J7HYXWG91EzJGU600qvDKhc:wo7fwluheWoljRqH1zJGprhvfg
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-