General
-
Target
29042024_2033_29042024_FACTURAS.gz
-
Size
540KB
-
Sample
240429-prmz2aaf27
-
MD5
13070e9f01202d39650387bb7907dac4
-
SHA1
842021b33a86183b4f633bf45b6f8ae35c307a5c
-
SHA256
e094ddee9220fb1048fe7c0c92903f1ff69cfc867e82e11801c4c883fe5abff1
-
SHA512
362e66a8ddc8dd4241102acce183e4fb4290ef9b98e4ccece251b105e274d239286a7106b97fcd72a3586c941b7ee9dc4b4816384d78354e313a95652701f2bd
-
SSDEEP
12288:n5Y4cCOEWFr2zPSKshrO6/agYBBImlmHUhv+6:5YQg4SKspO6/azSmlmHUV+6
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cp8nl.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
11035517QWEiop@#$ - Email To:
[email protected]
Targets
-
-
Target
FACTURAS.scr
-
Size
953KB
-
MD5
82846e38a751faa4c2667bea09633a99
-
SHA1
343fea80223ac120af3d760d00d19cb492172432
-
SHA256
343dd11490831bb2aa0e549a8a6d39bbb2303dd2672b5ee0fb77f6514f195094
-
SHA512
e722ac1f09ac7cdac1263e135830a09979ca1abaac1745ca3bb6022b8eef7faa63d7fb00e306e9d7c35dd9e5a32be261ff295fc20a50128e5ad700751fbe64ab
-
SSDEEP
12288:5wglEe171o1+1k155scBRTWgwxPzQkbu3po3kTarV4Kvc2rm1m/NZ9O4uuUk2kx7:onNjkCK3k6XvmIKhJLk7w3B3nEr
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-