General
-
Target
015607e8bac1313358f12bcf3aa8220a_JaffaCakes118
-
Size
1.2MB
-
Sample
240426-why49shg8s
-
MD5
015607e8bac1313358f12bcf3aa8220a
-
SHA1
9e9eeef939e6600ae5dd0797d5a9871c5d6d901a
-
SHA256
4a2250f15e72facaafc32d9f3de29e1cf3e9141b96e7229167b538ed4b5c20b4
-
SHA512
1aebe8adfa1fb868f7b4d14e4c60a0731c3f5558e26b4c205686b920019f5fb60b14257e9b5efec7bd4ebeefa2bb1bb969f0bc8dea4c7e3124d7f3d5d30939f1
-
SSDEEP
6144:sgdRIl7AhkPu/076WyyZJMUjfCm4U544z4LXIuVo1APi+R5D0XmKUjPSOtUuO:s/CP/9/yZJB4M4I4syhqBXmKUWh
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
michaeladrian031980@yandex.ru - Password:
Ndubuisi@0380
Targets
-
-
Target
5678765678.exe
-
Size
503KB
-
MD5
68fac1b3821a7c6813752d7b233e567b
-
SHA1
26890d10df2a0b7cda7dd2898254dd1befb28bc0
-
SHA256
00d0e1852c2502d4660ce5e286b417531166690478309d95beb7a20e24fcfffa
-
SHA512
ce4c14431e68d1bab2f4d6a01675e9acd604bfdc3f2b4acecbe34f59332b11125bf5473dc4f278fca6db214706011273e78022fb45501d2ae786711a76a3d2a7
-
SSDEEP
6144:ogdRIl7AhkPu/076WyyZJMUjfCm4U544z4LXIuVo1APi+R5D0XmKUjPSOtUuO:o/CP/9/yZJB4M4I4syhqBXmKUWh
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-