General
-
Target
b34ae8df913549f1c9f75e813f4febbe.exe
-
Size
644KB
-
Sample
240328-ep773sbg48
-
MD5
b34ae8df913549f1c9f75e813f4febbe
-
SHA1
ad9e6dbbbcce62b76a2e4d8997f41f00d0516b03
-
SHA256
cb65e696842c0650692cde3eaf4b37d1fb5a90b21c89fc2b14d191f06b97d7a3
-
SHA512
45f82b92990ded91fd09c822d6f103048e4dcb4467bd3c5f53d50546e4e6c35769d8e3855e921cbeead1e37899864ff39cf5fc70bf904190125372041c647446
-
SSDEEP
12288:2VksqBh/3FLJ99PFTI6xfc29DTlNCGGQD3QWoB:2ur/3FLJ7zlNCG9D3QWc
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gosportz.in - Port:
587 - Username:
sales@gosportz.in - Password:
Ss@gosportz - Email To:
info.superseal@yandex.com
Targets
-
-
Target
b34ae8df913549f1c9f75e813f4febbe.exe
-
Size
644KB
-
MD5
b34ae8df913549f1c9f75e813f4febbe
-
SHA1
ad9e6dbbbcce62b76a2e4d8997f41f00d0516b03
-
SHA256
cb65e696842c0650692cde3eaf4b37d1fb5a90b21c89fc2b14d191f06b97d7a3
-
SHA512
45f82b92990ded91fd09c822d6f103048e4dcb4467bd3c5f53d50546e4e6c35769d8e3855e921cbeead1e37899864ff39cf5fc70bf904190125372041c647446
-
SSDEEP
12288:2VksqBh/3FLJ99PFTI6xfc29DTlNCGGQD3QWoB:2ur/3FLJ7zlNCG9D3QWc
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-