General
-
Target
9e132562718eeb451808cfb21548977417230874a3e634be1b44962d2cb245ad.exe
-
Size
234KB
-
Sample
241002-g9fdxa1grm
-
MD5
22b24e4a81e510abdbeaa31bc0ab6502
-
SHA1
3790b4956a90a22d3bc2764b848506fbcb666d5e
-
SHA256
9e132562718eeb451808cfb21548977417230874a3e634be1b44962d2cb245ad
-
SHA512
6853dca9121698ed7a48582ef44d2821d4a77b2d0fad9a1eb9f20174de4789c281a6b1f955c1360d174798dba95196bd855d63a30e653be08a2e9939285cad78
-
SSDEEP
3072:flHkOmyuyGbrtNUxDGcV5bA7otIu4o6KM0V5lYOwY+P:flHbmyuyGNNUxDGcV5bA6V6K5zwn
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.dai-logistic.co.id - Port:
587 - Username:
[email protected] - Password:
domestic1234 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.dai-logistic.co.id - Port:
587 - Username:
[email protected] - Password:
domestic1234
Targets
-
-
Target
9e132562718eeb451808cfb21548977417230874a3e634be1b44962d2cb245ad.exe
-
Size
234KB
-
MD5
22b24e4a81e510abdbeaa31bc0ab6502
-
SHA1
3790b4956a90a22d3bc2764b848506fbcb666d5e
-
SHA256
9e132562718eeb451808cfb21548977417230874a3e634be1b44962d2cb245ad
-
SHA512
6853dca9121698ed7a48582ef44d2821d4a77b2d0fad9a1eb9f20174de4789c281a6b1f955c1360d174798dba95196bd855d63a30e653be08a2e9939285cad78
-
SSDEEP
3072:flHkOmyuyGbrtNUxDGcV5bA7otIu4o6KM0V5lYOwY+P:flHbmyuyGNNUxDGcV5bA6V6K5zwn
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-