General
-
Target
PO_27052024.exe
-
Size
660KB
-
Sample
240527-hsmx4acf77
-
MD5
4199d8995c4b86f6053c43cb70a87aa9
-
SHA1
ae7d740bc01ae87d643f98264efa3b995365a66f
-
SHA256
74a7dd343c4fac52d9d695d8d189a1bf3d5e5578622099bdf731544df385b75d
-
SHA512
e78a6a99ae8157f295a8c0cac9a0d72da5de4f4aa9e2fbaa131996e76eeb2906593d0e2bb6e82b8b733fd080cad5af1da5cea9b60be372942ac13122d6f5bbce
-
SSDEEP
12288:iuxrYCFd6xhOIHq2tGUoa/Vyljum2dQbimFl8+IjkpqyhscnFQXkR:181xh7HqmGUosV2qQbim34EhRFQC
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.alitextile.com - Port:
587 - Username:
[email protected] - Password:
Myname321@ - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.alitextile.com - Port:
587 - Username:
[email protected] - Password:
Myname321@
Targets
-
-
Target
PO_27052024.exe
-
Size
660KB
-
MD5
4199d8995c4b86f6053c43cb70a87aa9
-
SHA1
ae7d740bc01ae87d643f98264efa3b995365a66f
-
SHA256
74a7dd343c4fac52d9d695d8d189a1bf3d5e5578622099bdf731544df385b75d
-
SHA512
e78a6a99ae8157f295a8c0cac9a0d72da5de4f4aa9e2fbaa131996e76eeb2906593d0e2bb6e82b8b733fd080cad5af1da5cea9b60be372942ac13122d6f5bbce
-
SSDEEP
12288:iuxrYCFd6xhOIHq2tGUoa/Vyljum2dQbimFl8+IjkpqyhscnFQXkR:181xh7HqmGUosV2qQbim34EhRFQC
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-