General
-
Target
233287331a1ad6b566de67f823f6bc37f938cff74ff0da660c623370220a0081
-
Size
1.2MB
-
Sample
240330-bwxs5sea7s
-
MD5
89c8b2f76e1c24965a707a6533f365e6
-
SHA1
4e499fd09150aad2f947e643a190c3c5474b7085
-
SHA256
233287331a1ad6b566de67f823f6bc37f938cff74ff0da660c623370220a0081
-
SHA512
a4503528d9164a5db458a1dbf358d7d258b5da0a74b5a16c807c7c4370fd25d6b2c60bc3482fe65a2445e8f00293e4127280648d426dea2438f25d0b430b86e2
-
SSDEEP
12288:YJLK1uOvHlmy5avPrKNItnlKaAzMvWTBr23Ca672ATr+0mB40ekrGkN:OiuOvHlEvKaAzMp3lhyNgN
Malware Config
Extracted
Protocol: smtp- Host:
mail.scootero.cl - Port:
587 - Username:
[email protected] - Password:
Dangote1235$
Extracted
agenttesla
Protocol: smtp- Host:
mail.scootero.cl - Port:
587 - Username:
[email protected] - Password:
Dangote1235$ - Email To:
[email protected]
Targets
-
-
Target
BL.exe
-
Size
696KB
-
MD5
9709d3c902365229f471d4215530b41b
-
SHA1
d8b1aa835841176e9406f4689b4963a7fbaae403
-
SHA256
78891b586defb8b94d0bfbe543a2b1d86d79306a371b40fe294c8119aadbac6f
-
SHA512
0d3275f0aaeaf0cd53fe0deecef29204fe39d74e7e2b75fd9ba07e302d0871155433e9501672aa0648e3b14c5cf63e5d0162443849886bd0c68ded6e3a2b9fdc
-
SSDEEP
12288:RJLK1uOvHlmy5avPrKNItnlKaAzMvWTBr23Ca672ATr+0mB40ekrGkN:niuOvHlEvKaAzMp3lhyNgN
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-