General
-
Target
abb69d5efe3e41f8c63005da595c4e07.exe
-
Size
1.0MB
-
Sample
220924-jr4d5acbdk
-
MD5
abb69d5efe3e41f8c63005da595c4e07
-
SHA1
4a29a9c9fec3f480a0f8eed9804306e340f0ed51
-
SHA256
6532799d6fb65df43311fcbde28168277053e4264cad1021d1766a2d9ae5f8cc
-
SHA512
a71adc2e0d574af6484cb0f2c0584179212e0206cbcdcb575e581654548d9077e8fdf94d78cd905fea3818f9302682bb05d585b52a398d9094388692edb4aae9
-
SSDEEP
24576:dhLuyyHEm8TbbYsSgQzOQh5YKZDWv2z1mmKYb:rLuyykb3KvVh5YKI2z1mx
Malware Config
Extracted
Protocol: ftp- Host:
ftp.valvulasthermovalve.cl - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!!
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.valvulasthermovalve.cl/ - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!!
Targets
-
-
Target
abb69d5efe3e41f8c63005da595c4e07.exe
-
Size
1.0MB
-
MD5
abb69d5efe3e41f8c63005da595c4e07
-
SHA1
4a29a9c9fec3f480a0f8eed9804306e340f0ed51
-
SHA256
6532799d6fb65df43311fcbde28168277053e4264cad1021d1766a2d9ae5f8cc
-
SHA512
a71adc2e0d574af6484cb0f2c0584179212e0206cbcdcb575e581654548d9077e8fdf94d78cd905fea3818f9302682bb05d585b52a398d9094388692edb4aae9
-
SSDEEP
24576:dhLuyyHEm8TbbYsSgQzOQh5YKZDWv2z1mmKYb:rLuyykb3KvVh5YKI2z1mx
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-