General
-
Target
2dd39b1e465a3f10c68e8308be15828e.exe
-
Size
1.5MB
-
Sample
231101-mk4yvshb36
-
MD5
2dd39b1e465a3f10c68e8308be15828e
-
SHA1
b93e92b6c7223534f8158e03bd72d51134034aab
-
SHA256
c04ecf27d9572c83cbf0c32fba2dfdac4470324366ecc8fa458933a4024f4a73
-
SHA512
ea89e3e6b15de9860bf617c7281d9eb3a79e8552d10519fd21f1929d99abac9e2b1a0786bf746c7c1eae5e1d1c8cabb918197ad6f6f769714d569d799c1acedf
-
SSDEEP
24576:JWV54+EXd+6+HSB9JdYs5fq+z5fq+sOT75fq+W5fq+tJX5fq+z0sz5fq+Q5fq+:DdB9JdzrOEIZJVXG
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.heidloph.com/ - Port:
21 - Username:
[email protected] - Password:
EUjZJ)6(1=CL
Targets
-
-
Target
2dd39b1e465a3f10c68e8308be15828e.exe
-
Size
1.5MB
-
MD5
2dd39b1e465a3f10c68e8308be15828e
-
SHA1
b93e92b6c7223534f8158e03bd72d51134034aab
-
SHA256
c04ecf27d9572c83cbf0c32fba2dfdac4470324366ecc8fa458933a4024f4a73
-
SHA512
ea89e3e6b15de9860bf617c7281d9eb3a79e8552d10519fd21f1929d99abac9e2b1a0786bf746c7c1eae5e1d1c8cabb918197ad6f6f769714d569d799c1acedf
-
SSDEEP
24576:JWV54+EXd+6+HSB9JdYs5fq+z5fq+sOT75fq+W5fq+tJX5fq+z0sz5fq+Q5fq+:DdB9JdzrOEIZJVXG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-