General
-
Target
679f84b5323bd2f24770dc6133839e7f.exe
-
Size
898KB
-
Sample
221207-n6dt8sec83
-
MD5
679f84b5323bd2f24770dc6133839e7f
-
SHA1
a28612836bf14f0211e348f4e6b87cb978211621
-
SHA256
6c4af3d70ab7e32640157fa6f862d25ecec7d6f8e0265de56213639b36b7166e
-
SHA512
99b6396296827f5642f439ff8e88b551872c4a85115b3b1ed7ce3042f7af931e6b39674bd55729ed084f2e35f61aed937b1e7f317e4d322ebb5923946c5a7862
-
SSDEEP
24576:r8xftvSDSJbAn8PBpynQx793EbI01oX9ZF8QyNj:r8xftaDSF/Jgn3pexyF
Malware Config
Extracted
Protocol: ftp- Host:
ftp.valvulasthermovalve.cl - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!!
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.valvulasthermovalve.cl/ - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!!
Targets
-
-
Target
679f84b5323bd2f24770dc6133839e7f.exe
-
Size
898KB
-
MD5
679f84b5323bd2f24770dc6133839e7f
-
SHA1
a28612836bf14f0211e348f4e6b87cb978211621
-
SHA256
6c4af3d70ab7e32640157fa6f862d25ecec7d6f8e0265de56213639b36b7166e
-
SHA512
99b6396296827f5642f439ff8e88b551872c4a85115b3b1ed7ce3042f7af931e6b39674bd55729ed084f2e35f61aed937b1e7f317e4d322ebb5923946c5a7862
-
SSDEEP
24576:r8xftvSDSJbAn8PBpynQx793EbI01oX9ZF8QyNj:r8xftaDSF/Jgn3pexyF
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-