General
-
Target
MT_078410_00_032.exe
-
Size
2.4MB
-
Sample
240515-ngkaqafa2t
-
MD5
765a94a7bedd69fb57e562b5c6537db9
-
SHA1
bd62eccc3009b043512aa2e6a1297875c613760e
-
SHA256
e623db7ce7f2a3ddd3e5b4571f75a4b20b4fd69d8680d19a4e6506730ee2c81d
-
SHA512
ea2fb18aeebd2038d9db10d75023ed747802ccd2bf20163cce4a89be26113f08a019c9e19088747bc182ca4317390bb2b50ff01cb6fd52361ff2c16219673f91
-
SSDEEP
49152:rd1ccJyl0yJDpXoYir/atre3KGthcMrXcdLobjrXGGS:rJO0G54+K3KGthVrEL3GS
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
66.29.151.236 - Port:
587 - Username:
[email protected] - Password:
d9GOyTceXsMT - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
66.29.151.236 - Port:
587 - Username:
[email protected] - Password:
d9GOyTceXsMT
Targets
-
-
Target
MT_078410_00_032.exe
-
Size
2.4MB
-
MD5
765a94a7bedd69fb57e562b5c6537db9
-
SHA1
bd62eccc3009b043512aa2e6a1297875c613760e
-
SHA256
e623db7ce7f2a3ddd3e5b4571f75a4b20b4fd69d8680d19a4e6506730ee2c81d
-
SHA512
ea2fb18aeebd2038d9db10d75023ed747802ccd2bf20163cce4a89be26113f08a019c9e19088747bc182ca4317390bb2b50ff01cb6fd52361ff2c16219673f91
-
SSDEEP
49152:rd1ccJyl0yJDpXoYir/atre3KGthcMrXcdLobjrXGGS:rJO0G54+K3KGthVrEL3GS
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-