General
-
Target
699b4ee5b2ca5887e48214ff1528e25d.bin
-
Size
653KB
-
Sample
240425-b3ldpada43
-
MD5
17c7eefda81b55b7f44216c9907efa96
-
SHA1
27d24d9baad84a7ae36a058061aad3782164afe9
-
SHA256
3d858cc4e3090037e3eb800c6b63073f3163c6fbaee3f158087b3cc79af83aa2
-
SHA512
991feac1dddd2af2627f2a2370d90e72b424df9a40a294199f5ea5214302c87fdef8516801e84793187a5530c35b9e581eced4651bf6dacef10d306eaa4d4b31
-
SSDEEP
12288:91i+KXCsNiDeG78adTS7+lCQXux4rssZlxuLA3ndFqxRUr0mkfGpaRaUVnBKRf+:ziqN78aBmQ+xwPruLAa3opkwqfoRf+
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
WiYR)pU7 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
WiYR)pU7
Targets
-
-
Target
c9495cc11ac18b285ddfe9c82c76d789a5caa7179f7500cc5e6ec7d659ca8c54.exe
-
Size
705KB
-
MD5
699b4ee5b2ca5887e48214ff1528e25d
-
SHA1
ac35dfe4cdabbb884eabe1c36e990b4fe3edab37
-
SHA256
c9495cc11ac18b285ddfe9c82c76d789a5caa7179f7500cc5e6ec7d659ca8c54
-
SHA512
07afcdc98b6bbfce341a97c871f8c004890def6ca19a169401583ae1afedc5b330a6456a43b80a0a3c1c1b9cc2f7a680beda0a2be979a1bd960a187f420b962f
-
SSDEEP
12288:Do7gHK0cpSDviH6VSx/Q67K4xAgSDGQr0UehDkIb6JjXMjTFg5:ljwQ67K4C9DjrYhD6XoTF
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-