General
-
Target
e5fe2a440c03b68609be9d951fa20eb4d452ce31ba9aa89d8244a5c0d4c24606
-
Size
714KB
-
Sample
240425-c6dnpadh27
-
MD5
c25753d9ed52af68706d7f8c3cfd1af7
-
SHA1
0a6df78a260c8f35f3ff44d8d276169955dc87db
-
SHA256
e5fe2a440c03b68609be9d951fa20eb4d452ce31ba9aa89d8244a5c0d4c24606
-
SHA512
6d4cbf8b2813514c82ec8960d4d9fd7c529168cd1f554562155208c56cf10829b706786e861db1f57500ace1cb4fa7c1532927310ed639292659ed71891847ca
-
SSDEEP
12288:AIOQ9autB7J5H9jFyMqCayKAXYGB7+8hABM1GueVIqkdIwz1deg+vATJ:WZutNJ5JqCL7N+8J1JqK/zXdaAN
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
N@DRpoY0 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
N@DRpoY0
Targets
-
-
Target
PURCHASE ORDER.exe
-
Size
774KB
-
MD5
ff421faa4b17974486f95a00c833a57e
-
SHA1
d32163ad0cb86b6a7c7b90e7928f3ea13bbe73f0
-
SHA256
2c4d09a1ac0440d4b7f40c445c29e4b22ab1527d04790ee6b37d22f4412f3f77
-
SHA512
e15ce117eab9ac979072583c2c1d8ddd4f8f2023f32c550dd48d2092bf576366e0a0e1b3d4efca86136e3e4a5749b3a13f3f0ce0d956723a27a5bac4e66d6fd2
-
SSDEEP
24576:9F1HR8f5QDHqCfvNuD7u8aT6nDqF8tJ312Z:fJ6fQHqCfvgPu8a4DqF8tJl2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-