General
-
Target
e886fc4734fee8c0445802549df61e16.bin
-
Size
639KB
-
Sample
240330-cdjdgaee8x
-
MD5
aa310e2b10052181cebfa434d79bc402
-
SHA1
4709cf018f377d05811e414e834e40a035d21434
-
SHA256
14cdf47fe0ac1ba71e42dd1776180cce43166e0e91ac2cb265ab630f4bf4cc9a
-
SHA512
5fe6794a8900960d30842cd3f8926165df43ea622f9ef86faf18db597b7e5ed1a515b866c8b53d3b34c7db9e0c341941684db72aae568c9e98152e37864b0988
-
SSDEEP
12288:2GiDCReHzfTaw9gBgx+7NG7JpmvLFiHN2BOVlA+ny8a0ssa71r8qKBV8UT:2VDCRCzfTaSQA+7NG6vLIH/4n8Bss61U
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.normagroup.com.tr - Port:
21 - Username:
[email protected] - Password:
Bossu_56@@12345@_
Extracted
Protocol: ftp- Host:
ftp.normagroup.com.tr - Port:
21 - Username:
[email protected] - Password:
Bossu_56@@12345@_
Targets
-
-
Target
8a54d486d4b795af1b8f7506dfa69e2e9fc298a361521af183cb9809cdc3d68b.exe
-
Size
684KB
-
MD5
e886fc4734fee8c0445802549df61e16
-
SHA1
373856ccf95b0aba82a3bea3066fcc657046d78d
-
SHA256
8a54d486d4b795af1b8f7506dfa69e2e9fc298a361521af183cb9809cdc3d68b
-
SHA512
274073137bb5505a9e139b361b5a873227cf8f2e4b44834ce83dab8aaf5d87d04c0048305eda99789d62f805e9649b60adbc192355e8eefbf3a357d566b3957b
-
SSDEEP
12288:O/H30YOwqOpJWGEDC2qlHcf1LUTEYct5gWgbrWN3DrSD0ZrTBCu7VzbxTstF8:iO7MCDA2W+JgbrWFDW0ZrTT7Vt0F8
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-