General
-
Target
0e5780e67bb7a9e84abfcab88ecae382f59b66905ec375ba0e8f7f7a3c3dac15.exe
-
Size
239KB
-
Sample
240528-q9nvqahc84
-
MD5
7481dee30f768b696327e2894a93c7c7
-
SHA1
659c5fa6af2a791925c7ef85db0a657e06679b15
-
SHA256
0e5780e67bb7a9e84abfcab88ecae382f59b66905ec375ba0e8f7f7a3c3dac15
-
SHA512
28ac76fbe68ef534cab6d47a895f4df070d03421b616e6b2cea4327ed1721e5a2685bb658cd8458a8ee86ac3f5140660f6e6a68d01298e517e4c54dc51493ce0
-
SSDEEP
3072:cbKktSm6GyD5hxEktOZ2dGde1zLsqGAHIy5CxWI/goM:cb7Sm6GyD5h+e6gIqGAozWIY
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pakpearlintl.com - Port:
587 - Username:
[email protected] - Password:
pakpearlintl.com - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.pakpearlintl.com - Port:
587 - Username:
[email protected] - Password:
pakpearlintl.com
Targets
-
-
Target
0e5780e67bb7a9e84abfcab88ecae382f59b66905ec375ba0e8f7f7a3c3dac15.exe
-
Size
239KB
-
MD5
7481dee30f768b696327e2894a93c7c7
-
SHA1
659c5fa6af2a791925c7ef85db0a657e06679b15
-
SHA256
0e5780e67bb7a9e84abfcab88ecae382f59b66905ec375ba0e8f7f7a3c3dac15
-
SHA512
28ac76fbe68ef534cab6d47a895f4df070d03421b616e6b2cea4327ed1721e5a2685bb658cd8458a8ee86ac3f5140660f6e6a68d01298e517e4c54dc51493ce0
-
SSDEEP
3072:cbKktSm6GyD5hxEktOZ2dGde1zLsqGAHIy5CxWI/goM:cb7Sm6GyD5h+e6gIqGAozWIY
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-