General
-
Target
d70c92d827418d2ad9b016e79b9e244218a8f9aa87061eb0a53b0c680dd73608.exe.bin
-
Size
166KB
-
Sample
230505-ylqy6sch7v
-
MD5
c714cf120220c48dbe54298b07514b77
-
SHA1
465094a431221581ddcaee575c59dbc66328ae1b
-
SHA256
d70c92d827418d2ad9b016e79b9e244218a8f9aa87061eb0a53b0c680dd73608
-
SHA512
0e322c1bb8e047bbfc55be7241a5766e127736632163ec81054cd2a84ac61000a5f7e8904a863eae4cfd32087ce23fbf6982c21eea56b31a0689b0229ecb89fd
-
SSDEEP
3072:byw6vLF2N8h2MFmVFv2e+qA3ctYFXzqosCGHXG5AXq:z6kW9g1UcmDUHWmX
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bretoffice.com - Port:
587 - Username:
[email protected] - Password:
=p+zXr[{bjF& - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.bretoffice.com - Port:
587 - Username:
[email protected] - Password:
=p+zXr[{bjF&
Targets
-
-
Target
d70c92d827418d2ad9b016e79b9e244218a8f9aa87061eb0a53b0c680dd73608.exe.bin
-
Size
166KB
-
MD5
c714cf120220c48dbe54298b07514b77
-
SHA1
465094a431221581ddcaee575c59dbc66328ae1b
-
SHA256
d70c92d827418d2ad9b016e79b9e244218a8f9aa87061eb0a53b0c680dd73608
-
SHA512
0e322c1bb8e047bbfc55be7241a5766e127736632163ec81054cd2a84ac61000a5f7e8904a863eae4cfd32087ce23fbf6982c21eea56b31a0689b0229ecb89fd
-
SSDEEP
3072:byw6vLF2N8h2MFmVFv2e+qA3ctYFXzqosCGHXG5AXq:z6kW9g1UcmDUHWmX
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-