General
-
Target
73585b741b93d75ca967da593b35e993ec9fb7f06ee4bb8661a25932e98ca2a6.exe
-
Size
234KB
-
Sample
240429-leq95sfb64
-
MD5
2170d820161215b951423a014e42b7dd
-
SHA1
c3e0749d76d2df099de91e0d625d11cb22afb110
-
SHA256
73585b741b93d75ca967da593b35e993ec9fb7f06ee4bb8661a25932e98ca2a6
-
SHA512
d845f9fd6b67bc5a26056aaaf3a240982b4b2203489417a8742d8b6fc31f9bcaca11c1b9116a202a081bf09489a1484fc97e0105a82cd3cb8f6eb638168586a4
-
SSDEEP
3072:abmyuyGKIduUkbAHX8MDWMfRRK3T5QjoY4Rzv:abmyuyGKIduzbAHXDXCmol
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
goodwillapparels.com - Port:
587 - Username:
[email protected] - Password:
7FdCuO!QWpHV - Email To:
[email protected]
Targets
-
-
Target
73585b741b93d75ca967da593b35e993ec9fb7f06ee4bb8661a25932e98ca2a6.exe
-
Size
234KB
-
MD5
2170d820161215b951423a014e42b7dd
-
SHA1
c3e0749d76d2df099de91e0d625d11cb22afb110
-
SHA256
73585b741b93d75ca967da593b35e993ec9fb7f06ee4bb8661a25932e98ca2a6
-
SHA512
d845f9fd6b67bc5a26056aaaf3a240982b4b2203489417a8742d8b6fc31f9bcaca11c1b9116a202a081bf09489a1484fc97e0105a82cd3cb8f6eb638168586a4
-
SSDEEP
3072:abmyuyGKIduUkbAHX8MDWMfRRK3T5QjoY4Rzv:abmyuyGKIduzbAHXDXCmol
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-