General
-
Target
d43bbb12439e01cfb7ef776c0ed2360b82fa28d83c5162797695f2cd9bec4713
-
Size
2.4MB
-
Sample
241212-bm147szlcn
-
MD5
7eb27936f4d6f81dc26dc7da0ec3bb70
-
SHA1
e79407b7337e5f0dbcadebca70bbd95fa1a30f1a
-
SHA256
d43bbb12439e01cfb7ef776c0ed2360b82fa28d83c5162797695f2cd9bec4713
-
SHA512
bd3e32e88464374746be1a477e77aab37b846c0897a4664783fd24d2ebf8c5f16b75c2ab76b4a3e82074cb1c55ead3dac950e613b51351945f6daa8c6c283374
-
SSDEEP
49152:x3AQbdYAm4zEbdYAm4zWbdYAm4z23Aw3AWbdYAm4zSbdYAm4zO3AWypvLe6mTPLc:VAadrWdr0drkAiA0dr4dr8AJTmbI
Static task
static1
Behavioral task
behavioral1
Sample
d43bbb12439e01cfb7ef776c0ed2360b82fa28d83c5162797695f2cd9bec4713.exe
Resource
win7-20241010-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.horeca-bucuresti.ro
Port: 21
Username: [email protected]
Password: e)rWKbKP8~mO
Targets
-
Target
d43bbb12439e01cfb7ef776c0ed2360b82fa28d83c5162797695f2cd9bec4713
-
Size
2.4MB
-
MD5
7eb27936f4d6f81dc26dc7da0ec3bb70
-
SHA1
e79407b7337e5f0dbcadebca70bbd95fa1a30f1a
-
SHA256
d43bbb12439e01cfb7ef776c0ed2360b82fa28d83c5162797695f2cd9bec4713
-
SHA512
bd3e32e88464374746be1a477e77aab37b846c0897a4664783fd24d2ebf8c5f16b75c2ab76b4a3e82074cb1c55ead3dac950e613b51351945f6daa8c6c283374
-
SSDEEP
49152:x3AQbdYAm4zEbdYAm4zWbdYAm4z23Aw3AWbdYAm4zSbdYAm4zO3AWypvLe6mTPLc:VAadrWdr0drkAiA0dr4dr8AJTmbI
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic .NET). It harvests credentials and keystrokes and exfiltrates them over channels such as FTP, SMTP or HTTP; in this sample the extracted config points at an FTP server.
-
Agenttesla family
-
Looks up external IP address via web service
Queries a legitimate external IP lookup web service to learn the infected system's public IP address. On its own this is low-confidence (ordinary software does the same); it becomes meaningful when it precedes a connection to the configured exfiltration host.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a suspended thread is a common step in process hollowing and other injection techniques: the thread's instruction pointer is redirected into attacker-written code before the thread is resumed.
-
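As an added example, not part of this Triage report, the following Python ties the report's two network observables together: the extracted FTP exfiltration host and the external-IP-lookup signature. It flags every FTP command to the configured host as a hard IOC hit, and separately reports the Agent Tesla sequence (IP lookup from a workstation, then FTP login/upload to that host within a short window). The log line format, the set of IP-lookup services, the host names and the STOR filename are constructed for this example and are not from the report.

```python
"""Added example (not from the Triage report): correlate an external-IP lookup
with a following FTP session to the exfiltration host extracted above.

Assumptions not taken from the report: the log line format is invented for the
example, the IP-lookup host list is illustrative, and the sample log is constructed.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# IOCs taken from the report above.
SAMPLE_SHA256 = "d43bbb12439e01cfb7ef776c0ed2360b82fa28d83c5162797695f2cd9bec4713"
EXFIL_HOST = "ftp.horeca-bucuresti.ro"
EXFIL_PORT = 21

# External-IP lookup services commonly abused by stealers (assumption: illustrative, not exhaustive).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Constructed log format for this example: "<ISO timestamp> <source host> <proto> <dest>:<port> [<detail>]"
LOG_RE = re.compile(r"^(\S+) (\S+) (dns|http|ftp) ([^:\s]+):(\d+)(?: (.*))?$")


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    proto: str
    dst: str
    port: int
    detail: str


def parse_line(line: str) -> Event | None:
    """Parse one constructed log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, proto, dst, port, detail = m.groups()
    return Event(datetime.fromisoformat(ts), src, proto, dst.lower(), int(port), detail or "")


def sha256_matches_sample(data: bytes) -> bool:
    """Hash-match a file's bytes against the report's SHA256 IOC."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def detect(lines, window: timedelta = timedelta(minutes=10)):
    """Return (ioc_hits, chains).

    ioc_hits: every FTP command from any host to the configured exfil server;
              the domain is a hard IOC, so this fires on its own.
    chains:   the subset of those hits preceded (within `window`) by an
              external-IP lookup from the same host, the sequence Agent Tesla
              performs before exfiltration. A lookup alone is NOT reported,
              because legitimate software queries these services too.
    """
    events = [e for e in map(parse_line, lines) if e is not None]
    by_src: dict[str, list[Event]] = {}
    for e in events:
        by_src.setdefault(e.src, []).append(e)

    ioc_hits, chains = [], []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)  # stable sort keeps USER before PASS at equal timestamps
        lookups = [e for e in evs if e.dst in IP_LOOKUP_HOSTS]
        for e in evs:
            if e.proto != "ftp" or e.dst != EXFIL_HOST or e.port != EXFIL_PORT:
                continue
            ioc_hits.append((src, e.ts.isoformat(), e.detail))
            prior = [lk for lk in lookups if timedelta(0) <= e.ts - lk.ts <= window]
            if prior:
                chains.append((src, prior[-1].dst, e.detail))
    return ioc_hits, chains


# Constructed sample log: one infected workstation, one benign IP lookup, one benign FTP upload.
SAMPLE_LOG = """\
2024-12-12T10:00:01 WS-ACCT-07 dns api.ipify.org:53 A
2024-12-12T10:00:02 WS-ACCT-07 http api.ipify.org:443 GET /
2024-12-12T10:00:09 WS-ACCT-07 dns ftp.horeca-bucuresti.ro:53 A
2024-12-12T10:00:10 WS-ACCT-07 ftp ftp.horeca-bucuresti.ro:21 USER ****
2024-12-12T10:00:10 WS-ACCT-07 ftp ftp.horeca-bucuresti.ro:21 PASS ****
2024-12-12T10:00:11 WS-ACCT-07 ftp ftp.horeca-bucuresti.ro:21 STOR PW_jdoe-WS-ACCT-07_2024_12_12.html
2024-12-12T10:03:00 WS-DEV-12 http checkip.dyndns.org:80 GET /
2024-12-12T10:04:00 WS-DEV-12 http github.com:443 GET /
2024-12-12T11:30:00 FILESRV-01 ftp ftp.partner.example:21 STOR report.csv
"""

if __name__ == "__main__":
    hits, chains = detect(SAMPLE_LOG.splitlines())
    for src, ts, detail in hits:
        print(f"IOC hit: {src} {ts} {detail}")
    for src, lookup, detail in chains:
        print(f"Agent Tesla chain: {src} looked up its IP via {lookup} then sent '{detail}'")
```

In the constructed log only WS-ACCT-07 is reported: WS-DEV-12 performs an IP lookup with no follow-on exfiltration, and FILESRV-01 uploads over FTP to a host that is not the IOC. To use this against real telemetry, replace `parse_line` with a parser for your proxy, DNS and FTP logs and keep the two-tier output: the domain match is actionable immediately, the chain adds confidence and a timeline.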