General
-
Target
f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3.zip
-
Size
514KB
-
Sample
241101-tjbn9a1kbv
-
MD5
a03e725a75fa9a2a28eae6bfc6cd085d
-
SHA1
6251653f799a37322bcb7fdc6009eb1ef573b0cd
-
SHA256
f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3
-
SHA512
f413cc950d8382581af6e51742663c907811c9789a94c9c71b7901a6d497b37f50949930fdfa91a3e0c0e9bce695ef41ac26ffba6737c8f5a1e81ebe4a643763
-
SSDEEP
12288:yjYult3PU4/qJfkUawsIRYF5P75AO96jRayiP85JB/:yPX0JcUawKDpEjRPi6B/
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.albaniandailynews.com - Port:
587 - Username:
[email protected] - Password:
125875.jUkT
Extracted
Protocol: smtp- Host:
mail.albaniandailynews.com - Port:
587 - Username:
[email protected] - Password:
125875.jUkT
Targets
-
-
Target
7vM8S5ANDakbWGy.exe
-
Size
565KB
-
MD5
d5f46247a99f52bc1464c0366e03b24c
-
SHA1
4a19b3420b2b3d58ed89f553644135015405b1bc
-
SHA256
be2bc33b9acb5b939bc7cba84521cda274380a09b4acbe6e9696b8183352b5e8
-
SHA512
11cf62f5d2ee48635b635b9750fb0d4b2b73c3e2514d75f00e99330445bd8124b8b98d3bb624cba0e14769cb8726493e232369d678d748ef958bab78221d9e91
-
SSDEEP
12288:FuzVOiK53tnv1Z5TpVqBvwz3GNjSTGW4tH:oGv5XqViTGJ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
5Credentials In Files
4Credentials in Registry
1