General
Target: 1d567afd69f78d8338175c52071081129e491f08830f40ce140e684305499755
Size: 2.0MB
Sample: 240802-bd377s1cqe
MD5: 7878b4b4fad1adf2f1f6d6a94539d29c
SHA1: 721be6b08e6c3e87407d845ff59b961f6a4cdbfe
SHA256: 1d567afd69f78d8338175c52071081129e491f08830f40ce140e684305499755
SHA512: 3ae5882ba0911502a78a2a9216eb934e54d20a5802df1e157f7d6192c6cf67e36d57df788b930a3def00aec8beb68c46ad76f61d614d795c8f102659e722ab30
SSDEEP: 49152:tB1BRf3rOSzOzrFNj8e1KbWF8K7Vk3SZTH4OWOEkw/R80DYWg1spb673t5s1cc:haRrFCI3973Ts1cc
Static task: static1
Behavioral task: behavioral1
  Sample: 1d567afd69f78d8338175c52071081129e491f08830f40ce140e684305499755.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 1d567afd69f78d8338175c52071081129e491f08830f40ce140e684305499755.exe
  Resource: win10v2004-20240730-en
Malware Config
Extracted (family: agenttesla)
  Protocol: ftp
  Host: ftp://ftps4.us.freehostia.com
  Port: 21
  Username: alamah13
  Password: 8yB4zILn1@
Extracted
  Protocol: ftp
  Host: ftps4.us.freehostia.com
  Port: 21
  Username: alamah13
  Password: 8yB4zILn1@
Targets
Target: 1d567afd69f78d8338175c52071081129e491f08830f40ce140e684305499755
Size: 2.0MB
MD5: 7878b4b4fad1adf2f1f6d6a94539d29c
SHA1: 721be6b08e6c3e87407d845ff59b961f6a4cdbfe
SHA256: 1d567afd69f78d8338175c52071081129e491f08830f40ce140e684305499755
SHA512: 3ae5882ba0911502a78a2a9216eb934e54d20a5802df1e157f7d6192c6cf67e36d57df788b930a3def00aec8beb68c46ad76f61d614d795c8f102659e722ab30
SSDEEP: 49152:tB1BRf3rOSzOzrFNj8e1KbWF8K7Vk3SZTH4OWOEkw/R80DYWg1spb673t5s1cc:haRrFCI3973Ts1cc
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
Adds Run key to start application
Suspicious use of SetThreadContext