General
Target: a56bf971cdb4d61c6deac96029e2260d3d93c606dea28e97215fd54a620682a7
Size: 675KB
Sample: 240522-cqtd7shc9s
MD5: c4e3badc6d39bbdef22f6667752e9a7e
SHA1: 02845351022931e91b4ad7797c7781124b173e50
SHA256: a56bf971cdb4d61c6deac96029e2260d3d93c606dea28e97215fd54a620682a7
SHA512: a70d6f05e420b659a7d99d3b7d33e0ebe14d4fa7b56dab6b97daf79707ad3f2cd8ad9b550f85c63c6408ba5e2eb45b58694bba47aa34e2529d457c4dd0adb8b0
SSDEEP: 12288:vlYifTHmZeHNHwFjjpr1G8QbnQ/yFBbd5nw3FZtLh3XkR:vmireeNw3EnnkyFxrwa
Static task: static1
Behavioral task: behavioral1
  Sample: a56bf971cdb4d61c6deac96029e2260d3d93c606dea28e97215fd54a620682a7.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a56bf971cdb4d61c6deac96029e2260d3d93c606dea28e97215fd54a620682a7.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: nl9.nlkoddos.com
  Port: 587
  Username: [email protected]
  Password: Myname321@
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: nl9.nlkoddos.com
  Port: 587
  Username: [email protected]
  Password: Myname321@
Targets
Target: a56bf971cdb4d61c6deac96029e2260d3d93c606dea28e97215fd54a620682a7
Size: 675KB
MD5: c4e3badc6d39bbdef22f6667752e9a7e
SHA1: 02845351022931e91b4ad7797c7781124b173e50
SHA256: a56bf971cdb4d61c6deac96029e2260d3d93c606dea28e97215fd54a620682a7
SHA512: a70d6f05e420b659a7d99d3b7d33e0ebe14d4fa7b56dab6b97daf79707ad3f2cd8ad9b550f85c63c6408ba5e2eb45b58694bba47aa34e2529d457c4dd0adb8b0
SSDEEP: 12288:vlYifTHmZeHNHwFjjpr1G8QbnQ/yFBbd5nw3FZtLh3XkR:vmireeNw3EnnkyFxrwa
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext