General
-
Target
7a43598ff7b62a711389146aa6bd97aa.bin
-
Size
534KB
-
Sample
240613-b72w8stdmk
-
MD5
dfe6bc251e2d0e5e44abdade5ba65e50
-
SHA1
6aee51af7bf0d9a3043d241615d947c568b4205f
-
SHA256
733883b69538b28574906ebf5e0cacec2e3031d857e7487b9b27eced3f81e48a
-
SHA512
58890b42c5c2bb4268508cf23db224ce4fb91ff64bfee7566f6786eb2f624232089d61ad49bdcbd0ab973a76d3b11be380398a0a6afaf42c7442fd1c1a803ca2
-
SSDEEP
12288:oihTDhxDpunF2sOGvGusiZuUbu7QPA2C8EUeH:Lh/hx9unEsOGvHsiwZhfP
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.svetigeorgije.co.rs - Port:
21 - Username:
[email protected] - Password:
4c5H&b2whkD9
Targets
-
-
Target
afb9b832b61a4c5152e1747afaed615fdfb2d79d42c4bc683ade8c0de25cde8d.exe
-
Size
695KB
-
MD5
7a43598ff7b62a711389146aa6bd97aa
-
SHA1
2855cb5c847938704dcae39267cff76cdc50c647
-
SHA256
afb9b832b61a4c5152e1747afaed615fdfb2d79d42c4bc683ade8c0de25cde8d
-
SHA512
f418d43d2e7a0b23fb3e509d6903b3d5e4fd12b37f0bd573ab84d1db51889f57488aa913ae88db3a2e3cfeb957e7ff969d358a37c793c9a703450607802a126d
-
SSDEEP
12288:4W/RA5STkep6Mlqnl3LkcBDVXFamBD/UFHn0+HrBSxF6w7RTIYDX:4Mm5SH6MIl3LkGDhsmD/U0WO7xIc
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-