General
-
Target
8003ed6e1a8e2433e447a6d541651947720dbdafb975e6dc7fbadbfd65bbe836
-
Size
245KB
-
Sample
240613-dbvt6avhlk
-
MD5
179fd0c6cdfde239a13760df509fdc98
-
SHA1
b9ac2610c78adb92c131327701088764b2a40bad
-
SHA256
8003ed6e1a8e2433e447a6d541651947720dbdafb975e6dc7fbadbfd65bbe836
-
SHA512
38176a7ed618ea83bea5ba009134524c3cb1f9899a4ddf151a70c7adaa35c40f432f11d847867a1ba6b0f8a7869591233cbac445b094f08812dfaca43bfc332a
-
SSDEEP
3072:BYoI0Qk4L/9XHqwnq93Tb/FYYRotBWjiPZ588iQ3xU:BbI0Qk4L/9XKwnqRbdhuBiUxiY
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.greaterdoha.com - Port:
587 - Username:
[email protected] - Password:
baller01baller01 - Email To:
[email protected]
Targets
-
-
Target
8003ed6e1a8e2433e447a6d541651947720dbdafb975e6dc7fbadbfd65bbe836
-
Size
245KB
-
MD5
179fd0c6cdfde239a13760df509fdc98
-
SHA1
b9ac2610c78adb92c131327701088764b2a40bad
-
SHA256
8003ed6e1a8e2433e447a6d541651947720dbdafb975e6dc7fbadbfd65bbe836
-
SHA512
38176a7ed618ea83bea5ba009134524c3cb1f9899a4ddf151a70c7adaa35c40f432f11d847867a1ba6b0f8a7869591233cbac445b094f08812dfaca43bfc332a
-
SSDEEP
3072:BYoI0Qk4L/9XHqwnq93Tb/FYYRotBWjiPZ588iQ3xU:BbI0Qk4L/9XKwnqRbdhuBiUxiY
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-