General
-
Target
e8f211d297be45627ca91c05e763368a.bin
-
Size
604KB
-
Sample
240418-chcfqahd61
-
MD5
626d43096b237ab103c871a16ff498b7
-
SHA1
ab3e5c49450340089e4f7b85db6f01c3b4ab2239
-
SHA256
f69bf1e59ba1d8f0e148c8d512e2a1dbcbda8a3085e84705f8a9e41d6e606a4b
-
SHA512
defd6f4c3529401189b314a4b35e649c60582666c8fa2092e6531a0b4bf1b2baa411e6f3663d99f73365c0e3663801070a4ded3318178fc4e17e353f1f3e67c7
-
SSDEEP
12288:Hxxckj/X0gQ7phddj3CQzBbz6NinLN/CU9UDWMjbFOXeK/fyD6Y1v38cpVGORCq:Hz/j/X0gQNd7C6bWwN/UD/MCP9GOj
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.sekmenlermakina.com - Port:
587 - Username:
[email protected] - Password:
Map-121416 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.sekmenlermakina.com - Port:
587 - Username:
[email protected] - Password:
Map-121416
Targets
-
-
Target
ba03ce2bfa7e568a1f401420156219b97fce9bbfb3fb391783c804ac75df665e.exe
-
Size
621KB
-
MD5
e8f211d297be45627ca91c05e763368a
-
SHA1
21683a8b9a1c284f7fe1cdb7d352bd7120d5ae31
-
SHA256
ba03ce2bfa7e568a1f401420156219b97fce9bbfb3fb391783c804ac75df665e
-
SHA512
2e782020cbe6ef0a16f6ac044661e8a00359873fe66281c0533e8af2e1f2dfabbf45fc4a155601ca00cad27805a62049139a9aeb48af74585ca82d44911f36e5
-
SSDEEP
12288:Qnte+gwIX03AGxVTDzRtQQqaXKsGI8lL2Ff+p7eT1WeY+XL29jFoMVmXRyc8Ari4:oeYnxVTDtOQXHz8lL2FyO1Wob2nVVmRt
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-