General
-
Target
4f4b27d0367d76b89f099cabc16262c0.bin
-
Size
630KB
-
Sample
240328-bxnxmaad37
-
MD5
3b444ce3ba9ba6e6c3cf2e8d38c4a521
-
SHA1
3c2fe1dea41988206a4ce99cbafb790af9dd0ca1
-
SHA256
4f91a9f98de2c62bd829179d1c43fbae541e295af93babb589c549ecefdc0558
-
SHA512
054fb84ca8d70006ee7c19b9bbd34e8e6fcac1cef3437756780fd005ac24ae0119e329b4eb209225c65a2827b3cdbf29931c3386a182cb80c6e49a081f07cd39
-
SSDEEP
12288:FPX63ki5x6SGpzDeOpL/9X5+RvNZ7l5ftpAnenk1aJaANWUy:d60i5sSGpzDeOpj9XgRv/7l5HAe3Jalv
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ipr-co.org - Port:
587 - Username:
[email protected] - Password:
IPRco@100102@ - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.ipr-co.org - Port:
587 - Username:
[email protected] - Password:
IPRco@100102@
Targets
-
-
Target
INVOICE.exe
-
Size
676KB
-
MD5
458d13e193d1def40ff8862d04ee3839
-
SHA1
2441106df18080573cd0691f86c254e4e0a6193e
-
SHA256
ddc5d1c80b07a16ba4a2d8d289dcfccaa1c2f25a525d96f223be8c8eedf9e9e6
-
SHA512
c72ace9e6a680f087715a1727cf89e4dc5e490b697d238681662a3f0bb0df0a0184ab92c469b6aaa6fb29ba8871eb69620fa98cb3c27cddfb76b20f8a56df0c1
-
SSDEEP
12288:57jia5WBDPVjYEeDxwq0BbIH+pKgzRltb2WupXMPj1pFSKgBqKTcmYkV+/1PLfWN:BGB7VjYHDxl8b+MKoRrKpXiJpFSKgBqi
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-