General
-
Target
345cbeb4d36f5105cc3310869d4dfb0d4767e1da39ee250aaf83a4e6b5923ea5
-
Size
523KB
-
Sample
241122-brrfkaxmfr
-
MD5
ef7714940bb7216788f56dab792ed3b0
-
SHA1
828d1953fe85b98f0d2a5f00fd7e59fa151dd02e
-
SHA256
345cbeb4d36f5105cc3310869d4dfb0d4767e1da39ee250aaf83a4e6b5923ea5
-
SHA512
aa18fc0e04d52aad4d4650948003b8e19618abdac4a254e8132e2377933899d1b03cedfb0bcf18791fdea1ccb9cddb423c08d3e54f174fc472ad0ced89ae3f6f
-
SSDEEP
12288:vYcndtWt5LAiFl/rYCCZdd7Us9zue3o1MCksxfbyLJBJkolAgLV:vYcWtiijrYCCZdNUKzua+M7sxc
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
darkeyedarkeye12
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
darkeyedarkeye12
Targets
-
-
Target
345cbeb4d36f5105cc3310869d4dfb0d4767e1da39ee250aaf83a4e6b5923ea5
-
Size
523KB
-
MD5
ef7714940bb7216788f56dab792ed3b0
-
SHA1
828d1953fe85b98f0d2a5f00fd7e59fa151dd02e
-
SHA256
345cbeb4d36f5105cc3310869d4dfb0d4767e1da39ee250aaf83a4e6b5923ea5
-
SHA512
aa18fc0e04d52aad4d4650948003b8e19618abdac4a254e8132e2377933899d1b03cedfb0bcf18791fdea1ccb9cddb423c08d3e54f174fc472ad0ced89ae3f6f
-
SSDEEP
12288:vYcndtWt5LAiFl/rYCCZdd7Us9zue3o1MCksxfbyLJBJkolAgLV:vYcWtiijrYCCZdNUKzua+M7sxc
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-