General
-
Target
fefdd32283f320a5a83d6b834c1c45f331aaaec39a51a94d5402d78646ab658e
-
Size
258KB
-
Sample
231207-dch7raghhl
-
MD5
42d36cdb8dd88a1178ab0d700fe47093
-
SHA1
6e92546b6b31263f58871f89cf52995156656cc1
-
SHA256
fefdd32283f320a5a83d6b834c1c45f331aaaec39a51a94d5402d78646ab658e
-
SHA512
8ae8b6581de51c4c97440c23086235d11b64fcdb62d829653af2ce6165c530e065c008786b2427deb681fd6f2a8eacd54765b8f3cec9312152b35f378a9b9d80
-
SSDEEP
6144:Xz0z1n8DNR1IayJnLPy4PzcC/eh+jv7qnQabyX+wT:XwCDNRyaSLa4Qyeh+XkQ0E
Malware Config
Extracted
Protocol: ftp- Host:
mydevelopmentstory.com - Port:
21 - Username:
[email protected] - Password:
ENugu@042EN
Extracted
agenttesla
Protocol: ftp- Host:
ftp://mydevelopmentstory.com - Port:
21 - Username:
[email protected] - Password:
ENugu@042EN
Targets
-
-
Target
fefdd32283f320a5a83d6b834c1c45f331aaaec39a51a94d5402d78646ab658e
-
Size
258KB
-
MD5
42d36cdb8dd88a1178ab0d700fe47093
-
SHA1
6e92546b6b31263f58871f89cf52995156656cc1
-
SHA256
fefdd32283f320a5a83d6b834c1c45f331aaaec39a51a94d5402d78646ab658e
-
SHA512
8ae8b6581de51c4c97440c23086235d11b64fcdb62d829653af2ce6165c530e065c008786b2427deb681fd6f2a8eacd54765b8f3cec9312152b35f378a9b9d80
-
SSDEEP
6144:Xz0z1n8DNR1IayJnLPy4PzcC/eh+jv7qnQabyX+wT:XwCDNRyaSLa4Qyeh+XkQ0E
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-