General
-
Target
ZAMÓWIENIE_N.231003119.exe
-
Size
849KB
-
Sample
231103-mjst7sgc5v
-
MD5
4e9e73864aab423f3ffc1c03c01b50fb
-
SHA1
1b4970fc703361db5d8513c33f56c23eecc2493e
-
SHA256
e906e2afb0ada6f36cfed5bb9de846f9561b6c6885bb151b0b1d266563e16bab
-
SHA512
5db479ff5bc97c1be0a670e73fb4dc92e086da3009ad7137414dba9faed2f08655f133ad45da4b10c5f4dee3e2bc169b8aabafeb6c93e722e89d20b04d3accf2
-
SSDEEP
12288:DvR0jRi5CgvffXrlWDQc7M9wB31RNQdaBNqdDBXKGbFtom0YY:DvYMLHvpzcvB3ktDNKq+
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.vila-gabriel.ro - Port:
21 - Username:
[email protected] - Password:
bVkMH6R.pfF~NN@ossy$W!_pz[bh!9l(MU%UtX9L^W}vO=mn*g*;]}]
Targets
-
-
Target
ZAMÓWIENIE_N.231003119.exe
-
Size
849KB
-
MD5
4e9e73864aab423f3ffc1c03c01b50fb
-
SHA1
1b4970fc703361db5d8513c33f56c23eecc2493e
-
SHA256
e906e2afb0ada6f36cfed5bb9de846f9561b6c6885bb151b0b1d266563e16bab
-
SHA512
5db479ff5bc97c1be0a670e73fb4dc92e086da3009ad7137414dba9faed2f08655f133ad45da4b10c5f4dee3e2bc169b8aabafeb6c93e722e89d20b04d3accf2
-
SSDEEP
12288:DvR0jRi5CgvffXrlWDQc7M9wB31RNQdaBNqdDBXKGbFtom0YY:DvYMLHvpzcvB3ktDNKq+
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-