General
-
Target
f22c87ba0d5b77eabde84226e7ebeb547b0c973574b9dac519f93dd40fed3688
-
Size
324KB
-
Sample
240430-by8cnage25
-
MD5
d9fa68fea0d4373c2e3f80c75d88d2ee
-
SHA1
eb2d43153efbda76f653705c1dbe86101e0e54e0
-
SHA256
f22c87ba0d5b77eabde84226e7ebeb547b0c973574b9dac519f93dd40fed3688
-
SHA512
1b4c548eea340a1e96970bb97f86a4881285b016132761343dbcf5bc9e5c7132ae2ad2b4a4a0afc675d206496a46aa28de43beb21dc723fd5032cfdd9acf2f67
-
SSDEEP
6144:UsUoKTo8Mlb6VkJYSap9jE+L/ZO3DmOvCxGNu2Qwuk/ReNJVLrSTUQcsL8AM:UsLX8Mlb6iJYSgxEoZO3DmJUNu2QwZa3
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7120748756:AAFZ1rNHWvZ2WKxfHU3qxCCnCA0rgvXj0Ts/
Targets
-
-
Target
4292024_1714395150.Scr
-
Size
337KB
-
MD5
5032b8bc6078eeadec52b4cbb019c1b1
-
SHA1
4b7f62d3320da8f211ae010cdd88d1eebbc13c8c
-
SHA256
35098ec666a2f092a16adee968c8bdba5ff18bf0febac3642a3a1d6641666c1c
-
SHA512
51d2bee10c94d93dfa7563736f1721b066cd370e47312b9f2a041d2cb2134257f361363d6474e5fcc01c145b9c004be7b14f33dd171569df0ee2e2d66e937513
-
SSDEEP
6144:iMCmPfvevASSPriWwoS4bNIuEvp7+BsUf2QwBMK9pA3DEHJLJqhPWgS:PHvi3Micb6uUUf2QwywpODEpVgWB
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-