General
-
Target
308d96cbb4215c4900ece960e1c4042a0137f0aaad60f1c4eecae0a541ed00f0
-
Size
689KB
-
Sample
240430-b7bp2sgg67
-
MD5
39e05a59126848d15dfacf8cdbf756cb
-
SHA1
c7eb7c1940434374b3061b5da1f46aeb2a4880ae
-
SHA256
308d96cbb4215c4900ece960e1c4042a0137f0aaad60f1c4eecae0a541ed00f0
-
SHA512
a354540178f1661cd8fddcc99ee10f3a3f510ceb4ea21da780e450a06a8fb979f1515c4fb883f40be50d10d08a2461f91dedb954d2831e57232e181516d5d8b8
-
SSDEEP
12288:c+DbgkB778QeS4QIl1IS5zO91f3Eupk4j9wsoCN9tdq5:VgkBeQu9O91f3ruPY9q5
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://eu-west-1.sftpcloud.io - Port:
21 - Username:
6248aba3e30c4d5ca11aad04dd95e385 - Password:
DmEnBqH5w7NurkaD91VotzcZtKMTXKbe
Targets
-
-
Target
308d96cbb4215c4900ece960e1c4042a0137f0aaad60f1c4eecae0a541ed00f0
-
Size
689KB
-
MD5
39e05a59126848d15dfacf8cdbf756cb
-
SHA1
c7eb7c1940434374b3061b5da1f46aeb2a4880ae
-
SHA256
308d96cbb4215c4900ece960e1c4042a0137f0aaad60f1c4eecae0a541ed00f0
-
SHA512
a354540178f1661cd8fddcc99ee10f3a3f510ceb4ea21da780e450a06a8fb979f1515c4fb883f40be50d10d08a2461f91dedb954d2831e57232e181516d5d8b8
-
SSDEEP
12288:c+DbgkB778QeS4QIl1IS5zO91f3Eupk4j9wsoCN9tdq5:VgkBeQu9O91f3ruPY9q5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-