General
-
Target
f3c6cdcea8bb73ec15cf5b22baad056b8a62fa6148355f26741eb942b711f57e
-
Size
1.0MB
-
Sample
240430-bnvntage4y
-
MD5
b7fd23b69ae352e453842174f1ed48cf
-
SHA1
e9783e4a4d7d9a23ca4971565c1b97bc48998d2d
-
SHA256
f3c6cdcea8bb73ec15cf5b22baad056b8a62fa6148355f26741eb942b711f57e
-
SHA512
d5f0608b3f7b7bcb675eb7ab82d3a505df345706effb80119d0de7455dd58b770db6e7952de60070fdac1b4bb48fe393ca1578efd72d6a6148176ab43fa48b87
-
SSDEEP
24576:KAHnh+eWsN3skA4RV1Hom2KXMmHanw1glzZZ/1iE5:dh+ZkldoPK8YanF9p
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.corpsa.net - Port:
21 - Username:
[email protected] - Password:
-E~O8rekW5UT
Targets
-
-
Target
f3c6cdcea8bb73ec15cf5b22baad056b8a62fa6148355f26741eb942b711f57e
-
Size
1.0MB
-
MD5
b7fd23b69ae352e453842174f1ed48cf
-
SHA1
e9783e4a4d7d9a23ca4971565c1b97bc48998d2d
-
SHA256
f3c6cdcea8bb73ec15cf5b22baad056b8a62fa6148355f26741eb942b711f57e
-
SHA512
d5f0608b3f7b7bcb675eb7ab82d3a505df345706effb80119d0de7455dd58b770db6e7952de60070fdac1b4bb48fe393ca1578efd72d6a6148176ab43fa48b87
-
SSDEEP
24576:KAHnh+eWsN3skA4RV1Hom2KXMmHanw1glzZZ/1iE5:dh+ZkldoPK8YanF9p
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-