General
-
Target
bbbf60b0038ef5948c72c5bb307d44a7ce0c3e0fda2f0b15552335fd3435cb47
-
Size
670KB
-
Sample
240430-chs4gahc85
-
MD5
b34f04aecd4b4a9dea7dd35a81edd59e
-
SHA1
23d4b1d2eb99531307869f7a0907f0e58af208d5
-
SHA256
bbbf60b0038ef5948c72c5bb307d44a7ce0c3e0fda2f0b15552335fd3435cb47
-
SHA512
a59ec3b5e0b5d10bf91991b0d3fde5555f3b4babc93b30b818b8359f4b17ec6d9595f4431978227c0f5643e8b05324a4971fe3c1435f750e2d24cc5883e87074
-
SSDEEP
12288:U6bB778Q0Cz1Ar1eMFcg9O0Zj+XalMO6gsVwb0X6t7yp0nSd+YlsNn/RJL4fgVCf:dbBVbgZ+qKEsN6TSsn55RwX
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.innomedjsc.com - Port:
587 - Username:
[email protected] - Password:
s]~5ai)IFpr- - Email To:
[email protected]
Targets
-
-
Target
bbbf60b0038ef5948c72c5bb307d44a7ce0c3e0fda2f0b15552335fd3435cb47
-
Size
670KB
-
MD5
b34f04aecd4b4a9dea7dd35a81edd59e
-
SHA1
23d4b1d2eb99531307869f7a0907f0e58af208d5
-
SHA256
bbbf60b0038ef5948c72c5bb307d44a7ce0c3e0fda2f0b15552335fd3435cb47
-
SHA512
a59ec3b5e0b5d10bf91991b0d3fde5555f3b4babc93b30b818b8359f4b17ec6d9595f4431978227c0f5643e8b05324a4971fe3c1435f750e2d24cc5883e87074
-
SSDEEP
12288:U6bB778Q0Cz1Ar1eMFcg9O0Zj+XalMO6gsVwb0X6t7yp0nSd+YlsNn/RJL4fgVCf:dbBVbgZ+qKEsN6TSsn55RwX
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-