General
-
Target
47a0081b9d1154fc080d41a09c88edc769ebb2713ab8c558dc6504de5534b05e
-
Size
611KB
-
Sample
240327-cfq64ahh94
-
MD5
b6082cd8ee46d9dc2ba522a95aa64953
-
SHA1
f6276494d1ce9ec427b6fd5d66d2a70d015dc3e0
-
SHA256
47a0081b9d1154fc080d41a09c88edc769ebb2713ab8c558dc6504de5534b05e
-
SHA512
30d49265376e8ed7578fa5a11848712b8ef305da3473f1f92d22f1cc8745415946c7c7a442b5437198282fa9c4c8a149767d6a4fcccd5505e5e9799ff8ec0c8f
-
SSDEEP
12288:ktHNbHiG2ue2PymVBqMAzdpeTpi4A/AcOFaJ0fGkMY36qf0kCAna5W:krbHiLue26mVgMAzdMTptUuFa6OJYvpb
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.toliddaru.ir - Port:
587 - Username:
[email protected] - Password:
Aa@1401 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.toliddaru.ir - Port:
587 - Username:
[email protected] - Password:
Aa@1401
Targets
-
-
Target
47a0081b9d1154fc080d41a09c88edc769ebb2713ab8c558dc6504de5534b05e
-
Size
611KB
-
MD5
b6082cd8ee46d9dc2ba522a95aa64953
-
SHA1
f6276494d1ce9ec427b6fd5d66d2a70d015dc3e0
-
SHA256
47a0081b9d1154fc080d41a09c88edc769ebb2713ab8c558dc6504de5534b05e
-
SHA512
30d49265376e8ed7578fa5a11848712b8ef305da3473f1f92d22f1cc8745415946c7c7a442b5437198282fa9c4c8a149767d6a4fcccd5505e5e9799ff8ec0c8f
-
SSDEEP
12288:ktHNbHiG2ue2PymVBqMAzdpeTpi4A/AcOFaJ0fGkMY36qf0kCAna5W:krbHiLue26mVgMAzdMTptUuFa6OJYvpb
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-