General
-
Target
f7aed428b3f3c86ca521568f3e68e89461fb3cc986f27c6ac29d38c9f38c26c7
-
Size
1.9MB
-
Sample
250112-be8t3sxras
-
MD5
939589e1e29b0d235aeb884a1de92a3e
-
SHA1
e627f10d92648a0111660a2e9198da40191c1172
-
SHA256
f7aed428b3f3c86ca521568f3e68e89461fb3cc986f27c6ac29d38c9f38c26c7
-
SHA512
aec5371f8a09ec3316d5ac90bd0c0147c8e76db80943358ca1742b0c526d22f2f00326b20527e02c7a05f369a95c5824705a5f12afe5b8e5537ed4fde45442c0
-
SSDEEP
49152:TgGeCua+WV3RGOu55S13x900KB6jLoyEkmZ9Y14:Ea+aRa5Oh9XsBA
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ozeexpert.pl - Port:
587 - Username:
[email protected] - Password:
OZE72uM6g - Email To:
[email protected]
Targets
-
-
Target
f7aed428b3f3c86ca521568f3e68e89461fb3cc986f27c6ac29d38c9f38c26c7
-
Size
1.9MB
-
MD5
939589e1e29b0d235aeb884a1de92a3e
-
SHA1
e627f10d92648a0111660a2e9198da40191c1172
-
SHA256
f7aed428b3f3c86ca521568f3e68e89461fb3cc986f27c6ac29d38c9f38c26c7
-
SHA512
aec5371f8a09ec3316d5ac90bd0c0147c8e76db80943358ca1742b0c526d22f2f00326b20527e02c7a05f369a95c5824705a5f12afe5b8e5537ed4fde45442c0
-
SSDEEP
49152:TgGeCua+WV3RGOu55S13x900KB6jLoyEkmZ9Y14:Ea+aRa5Oh9XsBA
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-