General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
-
Size
701KB
-
Sample
240329-ex3ybsac28
-
MD5
426e109b0b6192c42ce6b9746006bc92
-
SHA1
870b442fd71f37b4f68e0d72cb0ac7211b0a27d5
-
SHA256
5a2666c6e1d72ae675ade0ecbc29228224b3c631151019891e6f07ec7f5aefe8
-
SHA512
cd029dd6cda8cfaa2ba791db22032b4b4477f38b9d0a6dbde6f6e711515bff52faeb96334c03898129c7ed677f781a25088354ea107e68875f6e26ce0b989f36
-
SSDEEP
12288:R4LK1kcsw5+xVbTkWoV5wthfXMoj7XnK4nGZFNSvTIxhAGpCi1ycMtJGUDNkR:yikcsw5cV/8wPp/XK4O/J0GAi23GaQ
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.egyptian-international.com - Port:
587 - Username:
[email protected] - Password:
@@Nour60008 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.egyptian-international.com - Port:
587 - Username:
[email protected] - Password:
@@Nour60008
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
-
Size
701KB
-
MD5
426e109b0b6192c42ce6b9746006bc92
-
SHA1
870b442fd71f37b4f68e0d72cb0ac7211b0a27d5
-
SHA256
5a2666c6e1d72ae675ade0ecbc29228224b3c631151019891e6f07ec7f5aefe8
-
SHA512
cd029dd6cda8cfaa2ba791db22032b4b4477f38b9d0a6dbde6f6e711515bff52faeb96334c03898129c7ed677f781a25088354ea107e68875f6e26ce0b989f36
-
SSDEEP
12288:R4LK1kcsw5+xVbTkWoV5wthfXMoj7XnK4nGZFNSvTIxhAGpCi1ycMtJGUDNkR:yikcsw5cV/8wPp/XK4O/J0GAi23GaQ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-