General
-
Target
edae358bc5c9fc982ba62e393fc2b78198725ca61d7a20c07de427f8d016f499
-
Size
1.2MB
-
Sample
240430-bntrhsge4w
-
MD5
3239764d71a6bcdc62f0b91a420087db
-
SHA1
64213d7df75dfe424be0b22479793062c012a352
-
SHA256
edae358bc5c9fc982ba62e393fc2b78198725ca61d7a20c07de427f8d016f499
-
SHA512
6a567b411869532d999da387c262c28a72dac14b82e67e00cb9e06369382bab87b3b2bee793322a4e6f2f0cce4a2089189e66dbbe558f0ee3ab56f2528539e2b
-
SSDEEP
6144:iXcR5c4ceHHFWE5emG6eUg36bHwP2w4F2m0hcxfboob:Bjcb7UKxD4F8huvb
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
business29.web-hosting.com - Port:
587 - Username:
[email protected] - Password:
Esupofo234@ - Email To:
[email protected]
Targets
-
-
Target
Product Requirement.exe
-
Size
603KB
-
MD5
7d03f6f3b53f6f1b3698ba84031c98f6
-
SHA1
9b61ed1ca9c3e6620a9741acecebf6171058504a
-
SHA256
dcb12a9daa314143b8b8ac1a52aba595448900997c81632f907036deeac564b7
-
SHA512
661a5abfbe572ffa58a8fe1c03c928785018e7ef8b878f5aef44f1c9bc43f50ff95a6de5593a64ce489ead18c66daf88a4206400403549482b1e5ce8f7635c87
-
SSDEEP
6144:fcR5c4ceHHFWE5emG6eUg36bHwP2w4F2m0hcxfboob:0jcb7UKxD4F8huvb
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-