General
-
Target
39ddee34e0fff6d1bd94e33e874b035b06f037e12eb7f1e9a4f9ea9baafdd292
-
Size
744KB
-
Sample
240328-br7sjsce81
-
MD5
6e094079b963390ca476d5735d8d2c21
-
SHA1
41b3089b77841f049d0c090fee62927c71d30326
-
SHA256
39ddee34e0fff6d1bd94e33e874b035b06f037e12eb7f1e9a4f9ea9baafdd292
-
SHA512
2ef897019b77b6e302038e1e1b884aab1f95d7a19ef39924d55e18d3570468b209276ec342393e8250db7cd530e4778f26e4a1232eb4fc603bfda8587bb85ad6
-
SSDEEP
12288:Fd1JsJ6SOF1Sh2iNwzW+T9s3YK723POalXBv5uFZJvrsOucDxu5jfP93F/1PcEa6:Fdxw1GzW+Ty3323PN7v5+vgjH9VNEELo
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.sencan.com.tr - Port:
587 - Username:
[email protected] - Password:
sencan3458!! - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.sencan.com.tr - Port:
587 - Username:
[email protected] - Password:
sencan3458!!
Targets
-
-
Target
39ddee34e0fff6d1bd94e33e874b035b06f037e12eb7f1e9a4f9ea9baafdd292
-
Size
744KB
-
MD5
6e094079b963390ca476d5735d8d2c21
-
SHA1
41b3089b77841f049d0c090fee62927c71d30326
-
SHA256
39ddee34e0fff6d1bd94e33e874b035b06f037e12eb7f1e9a4f9ea9baafdd292
-
SHA512
2ef897019b77b6e302038e1e1b884aab1f95d7a19ef39924d55e18d3570468b209276ec342393e8250db7cd530e4778f26e4a1232eb4fc603bfda8587bb85ad6
-
SSDEEP
12288:Fd1JsJ6SOF1Sh2iNwzW+T9s3YK723POalXBv5uFZJvrsOucDxu5jfP93F/1PcEa6:Fdxw1GzW+Ty3323PN7v5+vgjH9VNEELo
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-