General
-
Target
cdf2fecfefa949e315f8f0b887a11cd2d7c3a000af79ee637b25052eac663adc.rar
-
Size
654KB
-
Sample
240328-c366tsba37
-
MD5
ac56e339e6b154f878813d46a579c4e1
-
SHA1
892e89fd0b98b0cbd211566b263a2b4520608a70
-
SHA256
cdf2fecfefa949e315f8f0b887a11cd2d7c3a000af79ee637b25052eac663adc
-
SHA512
70c4ab697d6528b93a4ca5bc501386c43b749e25528d03cac4890a62162c3e6950a49e71ee383f25eed24b3d613c2457a1a2771495fbf4e108143fc1e4d11369
-
SSDEEP
12288:j7PWp0TQ3nSuW73kAqu+yhYIo+sWgRvu4Kw13UZ9DeEUYYluNwuuBN7cW:j7e6oST73xqu+yGLmw13UZ9DUZENo/4W
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.starmech.net - Port:
587 - Username:
electronics@starmech.net - Password:
nics123 - Email To:
godwingodwin397@gmail.com
Targets
-
-
Target
PO 20240105.exe
-
Size
740KB
-
MD5
81d099f1008d98346919c22f105e26e5
-
SHA1
de77e686d32adca574703621974811dc6c7d3b31
-
SHA256
1ddead5d6964c8e382d3b2ea694774ff58486bcfb7996015561cc9a03c61b536
-
SHA512
b174aa74461edcc8afee22134084d6de4001fdf5d7012fbcd904f119d3959d776b43fd91a25147c20d2dcfa0d18eeb0b554155d2c7380d55030e6dd2e28bf794
-
SSDEEP
12288:Wd1JsJ6SH1Sh2iNwCZDcTsTmmk82Zzl2VLlh5AMOYFC6Vljc4J+G30NuqDpfLpPd:Wd4w1GQQABk1Zzl4ph5vtCi0hBDpfLG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables packed with SmartAssembly
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-