General
-
Target
5440b600e0e6697e63b48eb09ab81c0e
-
Size
1.0MB
-
Sample
240111-w3qnmaefb3
-
MD5
5440b600e0e6697e63b48eb09ab81c0e
-
SHA1
5a29e9bc01719df24de302b686c60662d4c06d7d
-
SHA256
735694a7f2a6d4d3d004171c2f7f63170342fadf8dcf57ce482660fa26099c93
-
SHA512
9bf3f9ca511a83c3dc10de2e5f7d7ce4c48d8632db4730340f277a6653e7ea208cf56398894ca5ae6349da5e330ed7925418b86efda7f92b94f5186f9b658c7c
-
SSDEEP
12288:jldcUo2Ahe9TebuuSnIfMwq4rwL8t3SJWZ3gsPQrmADbPwbCiEqoqFX/N1fVNiaP:no2A4dLTwNQWisPu7bIpEqp/NJKaoG
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ozbayplastik.com.tr - Port:
587 - Username:
[email protected] - Password:
ozbay4525
Targets
-
-
Target
5440b600e0e6697e63b48eb09ab81c0e
-
Size
1.0MB
-
MD5
5440b600e0e6697e63b48eb09ab81c0e
-
SHA1
5a29e9bc01719df24de302b686c60662d4c06d7d
-
SHA256
735694a7f2a6d4d3d004171c2f7f63170342fadf8dcf57ce482660fa26099c93
-
SHA512
9bf3f9ca511a83c3dc10de2e5f7d7ce4c48d8632db4730340f277a6653e7ea208cf56398894ca5ae6349da5e330ed7925418b86efda7f92b94f5186f9b658c7c
-
SSDEEP
12288:jldcUo2Ahe9TebuuSnIfMwq4rwL8t3SJWZ3gsPQrmADbPwbCiEqoqFX/N1fVNiaP:no2A4dLTwNQWisPu7bIpEqp/NJKaoG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-