General
-
Target
e0d349137260345e94ccb0f523cb839fce339e1ae6ef0fd86f6dcb0de29f2580
-
Size
615KB
-
Sample
240606-bky7tsed29
-
MD5
13027b54d3f1da32e29814d27a38cea1
-
SHA1
91ee76743ca95f42d11b975382824d9393a7fcec
-
SHA256
e0d349137260345e94ccb0f523cb839fce339e1ae6ef0fd86f6dcb0de29f2580
-
SHA512
fd515b4595c9b6eb815943d8445ba55ed02fa0db6ec271f385aaf4216387a49f4d4535a41472eabd3f887d8f7d70c985c28b7b74894c0132ec415362b78a5c9e
-
SSDEEP
12288:5H/cxJqWxB0/kzL8ZioPcCgw6SpXbYBzkW/yFlkeseJ7MBUjhPAlU0TbE2Id6+c:5fcxJqWk/aL8MlSpLYBY+ybkeseJKwY/
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6398508790:AAFROO4FvHYek5_hchyogAsV7yTvxfINRRg/
Targets
-
-
Target
CV Elena Alba Garcia.exe
-
Size
635KB
-
MD5
af4c4394fd76d48c76265fa7393dbaf1
-
SHA1
d08fe29a6362e1416ea464766beb2e5120a8d347
-
SHA256
4c677969cde4b12fede4247e99653415ccf938d98d4958d99af13193cefab844
-
SHA512
fa0a58d48584e3547c643c5df0f2783ba73d584306630feb4a9abd32f583df48d25339ed964393e12c52717a33168c9e65ea6b58c6e6525d9ed216952a895738
-
SSDEEP
12288:Ia9PJCwxBS/ktL8picnoYgwkSpX3MBdkFIyFLkEseB7U5UjJJ++BzqyJM:ICPJCwi/+L84tSpHMBqGydkEseB4eJ+I
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-