General
Target: 5b0b5154cfa07104cd8b66125de0a8a027cc34fc8f9f5be253585eaf5b4222f5.exe
Size: 1.3MB
Sample: 240522-scp3mafb8t
MD5: 8cfaea18edcfaa6d07b767f536dd49b8
SHA1: fb5c9207fe390526d2c7a1a4602cb13e9947400c
SHA256: 5b0b5154cfa07104cd8b66125de0a8a027cc34fc8f9f5be253585eaf5b4222f5
SHA512: 769d7732517188ab5ed93c5d091ff9be85e16a1f9a36e4cbb67f05e8d6e733d8723f487496c5d405ac6f19cad8737b72d54dae83c6764e944ee435562f98bc9e
SSDEEP: 24576:Mk3r2BvMMMU/tHSk4RaH6s5KvgpLOfi0uOULYxp9v+ocVhOvrgXRwzxam:7y9Mj9opLGiJYxvv+omh6gXR+4m
Static task: static1
Behavioral task: behavioral1
Sample: 5b0b5154cfa07104cd8b66125de0a8a027cc34fc8f9f5be253585eaf5b4222f5.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 5b0b5154cfa07104cd8b66125de0a8a027cc34fc8f9f5be253585eaf5b4222f5.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
Family: agenttesla
Protocol: ftp
Host: ftp://ftp.svetigeorgije.co.rs
Port: 21
Username: [email protected]
Password: 4c5H&b2whkD9
Targets
Target: 5b0b5154cfa07104cd8b66125de0a8a027cc34fc8f9f5be253585eaf5b4222f5.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext