General
-
Target
Technical Datasheet.exe
-
Size
622KB
-
Sample
230403-s7mkzshd5z
-
MD5
7ff90a232ed79406484bb4ed486b59dd
-
SHA1
9f1a07f1766769eb43c17eeaee6f5b3b0d40101d
-
SHA256
5d87d27a8034f66903bcfcbb0c4d325072ff13579b5b1e36aee0e25d9756cc1a
-
SHA512
de9f7e99af7e2e7184e1cdaf0dd30847092f0f30268b3422a9f0a6a2d9d10c31dd54a51de2da65ab1eda7620ea860c09c3d9b485ba974908afa2be9d77ce2b21
-
SSDEEP
12288:2VtzLwreFyRnPDDVgKGhYF7kPv+0WglDlUHZt4gfI4Jph8AaGWfJ+kDONxdb:nfdPnVgC1kPv+0nhlmZtjQ4JLJ/WKxd
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.dutygroup.com.br - Port:
21 - Username:
[email protected] - Password:
MelayeResults23@
Targets
-
-
Target
Technical Datasheet.exe
-
Size
622KB
-
MD5
7ff90a232ed79406484bb4ed486b59dd
-
SHA1
9f1a07f1766769eb43c17eeaee6f5b3b0d40101d
-
SHA256
5d87d27a8034f66903bcfcbb0c4d325072ff13579b5b1e36aee0e25d9756cc1a
-
SHA512
de9f7e99af7e2e7184e1cdaf0dd30847092f0f30268b3422a9f0a6a2d9d10c31dd54a51de2da65ab1eda7620ea860c09c3d9b485ba974908afa2be9d77ce2b21
-
SSDEEP
12288:2VtzLwreFyRnPDDVgKGhYF7kPv+0WglDlUHZt4gfI4Jph8AaGWfJ+kDONxdb:nfdPnVgC1kPv+0nhlmZtjQ4JLJ/WKxd
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-