General
-
Target
3e02ed068e33bf8b1827f2108fb78224003df70055a6933717f4b8392faf17da.exe
-
Size
1.3MB
-
Sample
240522-bs8fgagb2s
-
MD5
3303042547cb4d5dc136ffc5784fb9a6
-
SHA1
e4eb7bd9a06e1ee4080140bf0cef295972978a39
-
SHA256
3e02ed068e33bf8b1827f2108fb78224003df70055a6933717f4b8392faf17da
-
SHA512
d251747d91b290195ae2d56e7034eff6dfdfb248b63bb00f18b8321f044941bfca80a357ded22dba7830f74e87928e80d6cc12754b191a4f7579d34c7fbe3809
-
SSDEEP
24576:66EpKkF3Vy05wYK7WUTkH6s5KtDhLZK8/GBRDEMY3y0NjA1d2cO:FPbZ5hLIzBRD18HNjA1drO
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.svetigeorgije.co.rs - Port:
21 - Username:
[email protected] - Password:
4c5H&b2whkD9
Targets
-
-
Target
3e02ed068e33bf8b1827f2108fb78224003df70055a6933717f4b8392faf17da.exe
-
Size
1.3MB
-
MD5
3303042547cb4d5dc136ffc5784fb9a6
-
SHA1
e4eb7bd9a06e1ee4080140bf0cef295972978a39
-
SHA256
3e02ed068e33bf8b1827f2108fb78224003df70055a6933717f4b8392faf17da
-
SHA512
d251747d91b290195ae2d56e7034eff6dfdfb248b63bb00f18b8321f044941bfca80a357ded22dba7830f74e87928e80d6cc12754b191a4f7579d34c7fbe3809
-
SSDEEP
24576:66EpKkF3Vy05wYK7WUTkH6s5KtDhLZK8/GBRDEMY3y0NjA1d2cO:FPbZ5hLIzBRD18HNjA1drO
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects executables packed with or use KoiVM
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-