General
-
Target
06194b1533efb3f436b2055a5fe8b65715ce5e8b.rar.tar.gz
-
Size
592KB
-
Sample
240326-mf29gaga84
-
MD5
e603cba1440c5452edc422f1cc30ee7d
-
SHA1
1eb85ef930c6928126d7aaa2b3d43221aae9b0ca
-
SHA256
3f29625155856423f035b542c1b0095c4fded30e4582d36654f4b7b447db8752
-
SHA512
807740f0b424b0f942885c4108fe2b0b994cafb1d39b8da044a04d8a395cc08a2717e0963493987910726aa6c1fb7b65c0021a8f521b2a82ccc52fff229f1e89
-
SSDEEP
12288:7kImlsH6gM5/3cvY6xz2L/Itkz8BGVTSGNYMsg4H/2CQEb4:7Gspw/Z4q8aSGNYMsF2CG
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.metatron.com.mx - Port:
587 - Username:
[email protected] - Password:
M3taHondu@1 - Email To:
[email protected]
Targets
-
-
Target
64032_7832.exe
-
Size
603KB
-
MD5
22e9dac87402559b1c4cdc39430d75d4
-
SHA1
81baf30d2fd417d46edbe5d6bf983347f740ffa3
-
SHA256
d2aa96a827458b4e0eeacde182337cc3fc85f924706316c30dbca4331227be1d
-
SHA512
c892b199dc4425629de31354e252f4fdd879dd2f9d29c18ff41b111531538ad789259263cff6a732bef34b0c3ca8572b6240f3e2c2a60403317a4597c2686b03
-
SSDEEP
12288:3q87CSjyJ22pma1/w9GAMmgE4u+eSXlpFj03/EM7ya5W:3V7CxmAo99gBeSPFjIz72
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-