General
-
Target
c3cf30f78c7564162412228388adb129.bin
-
Size
643KB
-
Sample
240425-cj9slsde91
-
MD5
30bff4e2b063df7c5509cc5c89e80562
-
SHA1
a3327f3ee414b561e5db6751ba8c984fad194f85
-
SHA256
c16092d19ac4b9fd38a69536ccbbfad35f9d0a4525b8d6aa8a36f027597062f8
-
SHA512
516dcc48c5e10067133077332e57c073397a34a6e85e7b4e13dbbdb3bbf615232ab7376fc0c0782c0b6366be123b424896e7a80379b6c202568c7a2b5ec88c9a
-
SSDEEP
12288:cg0tNFDrZj80isJYU+4DyYWxRhGZBQguQhzz7tQPQN:n0tvDrZ4+EjuNuQlz7tf
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.klptruck.hu - Port:
21 - Username:
[email protected] - Password:
kCu}[Z7z+)S[
Extracted
Protocol: ftp- Host:
ftp.klptruck.hu - Port:
21 - Username:
[email protected] - Password:
kCu}[Z7z+)S[
Targets
-
-
Target
f8bb3c7c28ad6279b257469ae7e4c3e1952f50588894305ae473652add17a136.exe
-
Size
672KB
-
MD5
c3cf30f78c7564162412228388adb129
-
SHA1
e7e3ea2f0f077d7e581c91f983b44d578355620d
-
SHA256
f8bb3c7c28ad6279b257469ae7e4c3e1952f50588894305ae473652add17a136
-
SHA512
9ed98d8f904247992a53b8aa929ecde95b8a4ff6fe938cf8181884de0eea8d719da69eacb74892a9dc79b4c8b2e2ed0b9d95706e967af4dc4547f00d52e364bb
-
SSDEEP
12288:PZy9zrtb7BBj6EceQ9A0Q9iuFMiE8I2QrhhZQzigN+OdYVsZlN/:BeXt3B16XeQ9A/nE8IlWGgN+C5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-