General
-
Target
73e443419c142c80da43bda0677d324d8dd516bfe777d4a2be81202514b799bf
-
Size
236KB
-
Sample
240426-cnat3shc34
-
MD5
394f315ef6598217492f9fe53d47ee0f
-
SHA1
4f15c6dd67f55c7fa96e7829b53441157a72402d
-
SHA256
73e443419c142c80da43bda0677d324d8dd516bfe777d4a2be81202514b799bf
-
SHA512
c49ac9ea07958dbf4531b57ed4c014a2ff943e50dae704619943adf6e8d53d04a4111033b6210cdd3cb11281072f38653184a75a01f69b42aa014b41d38c16bd
-
SSDEEP
3072:krABP1RVJljBXrCbIMjJS5JgNIxnixY5WR5IUCZklB8f:krSP1RVJljBXrCbIMqKNI8Y5WMbZM
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.royalgroup.vn - Port:
587 - Username:
ngald@royalgroup.vn - Password:
Royal@12345 - Email To:
s73286937@gmail.com
Extracted
Protocol: smtp- Host:
mail.royalgroup.vn - Port:
587 - Username:
ngald@royalgroup.vn - Password:
Royal@12345
Targets
-
-
Target
73e443419c142c80da43bda0677d324d8dd516bfe777d4a2be81202514b799bf
-
Size
236KB
-
MD5
394f315ef6598217492f9fe53d47ee0f
-
SHA1
4f15c6dd67f55c7fa96e7829b53441157a72402d
-
SHA256
73e443419c142c80da43bda0677d324d8dd516bfe777d4a2be81202514b799bf
-
SHA512
c49ac9ea07958dbf4531b57ed4c014a2ff943e50dae704619943adf6e8d53d04a4111033b6210cdd3cb11281072f38653184a75a01f69b42aa014b41d38c16bd
-
SSDEEP
3072:krABP1RVJljBXrCbIMjJS5JgNIxnixY5WR5IUCZklB8f:krSP1RVJljBXrCbIMqKNI8Y5WMbZM
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-