General
-
Target
2100-6-0x0000000004DF0000-0x0000000004E32000-memory.dmp
-
Size
264KB
-
Sample
240428-nddzjaef3z
-
MD5
ed07918e23df53a869ce4c20f0fc1cd0
-
SHA1
bfd4a2add54bff44e342cdf61b6b2b10f9619d61
-
SHA256
c6cec339e738d85441dc7b3d37b183f90572c6d69bff560604d7efcd36ab16be
-
SHA512
4d032fd1c914d4a622514d952ea04f9fbc2e2331d94e05512e2e8eec75e87e6a8526a0ad2a348f961f8a92d14ace8d52de256476dfdb5600c4efb85200f2ad29
-
SSDEEP
3072:r+YCG+5txN5Uu/AG4M45sB6tFL/oNZxnNetZj5oe/N0/qCH:KYE5txN5Uu145smFLwVnNetZKsNGj
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.jeepcommerce.rs - Port:
21 - Username:
w133y@jeepcommerce.rs - Password:
Q6]7rLSD*gU2
Targets
-
-
Target
2100-6-0x0000000004DF0000-0x0000000004E32000-memory.dmp
-
Size
264KB
-
MD5
ed07918e23df53a869ce4c20f0fc1cd0
-
SHA1
bfd4a2add54bff44e342cdf61b6b2b10f9619d61
-
SHA256
c6cec339e738d85441dc7b3d37b183f90572c6d69bff560604d7efcd36ab16be
-
SHA512
4d032fd1c914d4a622514d952ea04f9fbc2e2331d94e05512e2e8eec75e87e6a8526a0ad2a348f961f8a92d14ace8d52de256476dfdb5600c4efb85200f2ad29
-
SSDEEP
3072:r+YCG+5txN5Uu/AG4M45sB6tFL/oNZxnNetZj5oe/N0/qCH:KYE5txN5Uu145smFLwVnNetZKsNGj
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-