General
-
Target
jpgcamscanner_20240521_0072345_JPEG.bat.exe
-
Size
370KB
-
Sample
240522-wn6rasbc2w
-
MD5
18776562551c3adcdc9f49c013772fbd
-
SHA1
ee124b7cd0296b4e524454ab12059b8be60bc002
-
SHA256
05df6f3430171cb7db9fa5f6782b8f67b14079b6e1dffbb013c33ca91b1ad5d3
-
SHA512
c16b5c1c7822af0bee4d5f9707e00a4513e00b0925844fa3c8ba8afbaf7172d2b185dfaf8b1bc1fdce00c6a44d62d34d5bf611c0a2219de0a030ea2f64767364
-
SSDEEP
6144:MDGIRuoQiOd9kyzCiY1vJ/BnA+XCzW8w3hRTMiZ4rbcevq:zItQiOdCyzItA+XLRQiZWC
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.instantprint.ro - Port:
21 - Username:
[email protected] - Password:
playmen123#@
Targets
-
-
Target
jpgcamscanner_20240521_0072345_JPEG.bat.exe
-
Size
370KB
-
MD5
18776562551c3adcdc9f49c013772fbd
-
SHA1
ee124b7cd0296b4e524454ab12059b8be60bc002
-
SHA256
05df6f3430171cb7db9fa5f6782b8f67b14079b6e1dffbb013c33ca91b1ad5d3
-
SHA512
c16b5c1c7822af0bee4d5f9707e00a4513e00b0925844fa3c8ba8afbaf7172d2b185dfaf8b1bc1fdce00c6a44d62d34d5bf611c0a2219de0a030ea2f64767364
-
SSDEEP
6144:MDGIRuoQiOd9kyzCiY1vJ/BnA+XCzW8w3hRTMiZ4rbcevq:zItQiOdCyzItA+XLRQiZWC
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/BgImage.dll
-
Size
7KB
-
MD5
143c1b18ccd1ab2ceed02caf0e06ef8a
-
SHA1
b59d780e0a85f816b41aa657d4a643d77bd20a99
-
SHA256
8920afae5d9c06f6ba1f254a1e32ac2acfb0fdb11ab2158cfe880a191045e3d7
-
SHA512
91bd09610679224a7774044b16054721567385d3faa241e72b51f27ef660870f7282e887016df492d5b3ab3b6d9c130e036258c4f27d5ca4cc3a12b76ff71b39
-
SSDEEP
96:8eS0AKTIfv7QCUsthvNL85s4lk38Eb3CDfvEh8uLzqk5nLiEQjJ3KxkP:t8BfjbUA/85q3wEh8uLmcLpmP
Score1/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
b0c77267f13b2f87c084fd86ef51ccfc
-
SHA1
f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
-
SHA256
a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
-
SHA512
f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e
-
SSDEEP
192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
eac1c3707970fe7c71b2d760c34763fa
-
SHA1
f275e659ad7798994361f6ccb1481050aba30ff8
-
SHA256
062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3
-
SHA512
3415bd555cf47407c0ae62be0dbcba7173d2b33a371bf083ce908fc901811adb888b7787d11eb9d99a1a739cbd9d1c66e565db6cd678bdadaf753fbda14ffd09
-
SSDEEP
96:oXHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4AqndYHnxss:oXHq+CP3uKrpyREs06YxcdGn
Score3/10 -