General
-
Target
dfa7d62f9d0c08bd07e86637c5fbc237
-
Size
1.3MB
-
Sample
240326-vgrs5ahg81
-
MD5
dfa7d62f9d0c08bd07e86637c5fbc237
-
SHA1
7349b93d33bc33b959b90d888b39d07a675b0ff5
-
SHA256
387a18fc5d6eab0dce3b9ad6e426486f6cbaa63d322502f9770eae32da26052c
-
SHA512
3081b84dee75e6a96e3435e5d970b8e98e6fcbffbce05dd823558afefe6c30af70cd30e190a64fdad8487f4c63dbaf691951da9d7a919e03e5e4c8be2b2fbc25
-
SSDEEP
24576:Gs9076DO2fx8Dgyfx8DgFdF568XTPKx9N1fQJYK5wDZW2L:/076v58Dgy58DgFdBTKxuJv2ZH
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ecofirst.com.my - Port:
587 - Username:
[email protected] - Password:
kptan@123
Targets
-
-
Target
dfa7d62f9d0c08bd07e86637c5fbc237
-
Size
1.3MB
-
MD5
dfa7d62f9d0c08bd07e86637c5fbc237
-
SHA1
7349b93d33bc33b959b90d888b39d07a675b0ff5
-
SHA256
387a18fc5d6eab0dce3b9ad6e426486f6cbaa63d322502f9770eae32da26052c
-
SHA512
3081b84dee75e6a96e3435e5d970b8e98e6fcbffbce05dd823558afefe6c30af70cd30e190a64fdad8487f4c63dbaf691951da9d7a919e03e5e4c8be2b2fbc25
-
SSDEEP
24576:Gs9076DO2fx8Dgyfx8DgFdF568XTPKx9N1fQJYK5wDZW2L:/076v58Dgy58DgFdBTKxuJv2ZH
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-