General
-
Target
ca36deaeb7d963c366da6f44af265a512adf33af22fe5ce97f622f8d6d9bb111
-
Size
333KB
-
Sample
240327-cfqkkach8s
-
MD5
a0a94454d248d101a0daf71182d054f5
-
SHA1
3da5046fb4d0ac2cbb3bf0f118e862fed0038f85
-
SHA256
ca36deaeb7d963c366da6f44af265a512adf33af22fe5ce97f622f8d6d9bb111
-
SHA512
424c16f5ba15d158b834c12d37175d59f26c6546a4c268133701997f1d4ebb6874965962f56c9a7d1d8ba3cf61495a35472564bf8e894b1f3448815d4dd0f4f2
-
SSDEEP
6144:OWwpsfY1ObfLzJQy0+MJse0iJZRptZgH6v2SGBOcYGXr3o:O/snzJZUJ0GTDv2jOKXj
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bezzleauto.com - Port:
587 - Username:
[email protected] - Password:
|[NbQj>}o^#0 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.bezzleauto.com - Port:
587 - Username:
[email protected] - Password:
|[NbQj>}o^#0
Targets
-
-
Target
ca36deaeb7d963c366da6f44af265a512adf33af22fe5ce97f622f8d6d9bb111
-
Size
333KB
-
MD5
a0a94454d248d101a0daf71182d054f5
-
SHA1
3da5046fb4d0ac2cbb3bf0f118e862fed0038f85
-
SHA256
ca36deaeb7d963c366da6f44af265a512adf33af22fe5ce97f622f8d6d9bb111
-
SHA512
424c16f5ba15d158b834c12d37175d59f26c6546a4c268133701997f1d4ebb6874965962f56c9a7d1d8ba3cf61495a35472564bf8e894b1f3448815d4dd0f4f2
-
SSDEEP
6144:OWwpsfY1ObfLzJQy0+MJse0iJZRptZgH6v2SGBOcYGXr3o:O/snzJZUJ0GTDv2jOKXj
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-