General
-
Target
2a089fc9b24c5253a913526be0ac2ee62b911a96645cb70885d678c91dcb83c9.exe
-
Size
858KB
-
Sample
240628-blke3asgla
-
MD5
c7eefc30a9cdc5bab3269cefde2d221e
-
SHA1
27914bc81bdc74d9607784d9e239f5437b1e8cb1
-
SHA256
2a089fc9b24c5253a913526be0ac2ee62b911a96645cb70885d678c91dcb83c9
-
SHA512
fce33213726f84946162e2c115f67dc4dbfe60af9ca6b6ceb75d576f9370abc98ed0309acf617a2c6f34ffc023632ce1b32391716190980aceb4af84dce3798c
-
SSDEEP
24576:XcIjUna3iVPF+zgyKKht6APjMtiVBsRXRU:kbF50httQbi
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://mail.hearing-vision.com - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!
Targets
-
-
Target
2a089fc9b24c5253a913526be0ac2ee62b911a96645cb70885d678c91dcb83c9.exe
-
Size
858KB
-
MD5
c7eefc30a9cdc5bab3269cefde2d221e
-
SHA1
27914bc81bdc74d9607784d9e239f5437b1e8cb1
-
SHA256
2a089fc9b24c5253a913526be0ac2ee62b911a96645cb70885d678c91dcb83c9
-
SHA512
fce33213726f84946162e2c115f67dc4dbfe60af9ca6b6ceb75d576f9370abc98ed0309acf617a2c6f34ffc023632ce1b32391716190980aceb4af84dce3798c
-
SSDEEP
24576:XcIjUna3iVPF+zgyKKht6APjMtiVBsRXRU:kbF50httQbi
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
55a26d7800446f1373056064c64c3ce8
-
SHA1
80256857e9a0a9c8897923b717f3435295a76002
-
SHA256
904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8
-
SHA512
04b8ab7a85c26f188c0a06f524488d6f2ac2884bf107c860c82e94ae12c3859f825133d78338fd2b594dfc48f7dc9888ae76fee786c6252a5c77c88755128a5b
-
SSDEEP
192:MPtkumJX7zBE2kGwfy9S9VkPsFQ1Mx1c:97O2k5q9wA1Mxa
Score3/10 -
-
-
Target
Jackhead/keelhauls.scr
-
Size
1.0MB
-
MD5
87a3ce82a211e6022d7145c99eef5edc
-
SHA1
d2aa5daef3272acdee40657353ebb0ba94728e8d
-
SHA256
66bf6c84307739696eb18d632b6a34755375e61f3c612dc273c7f8f25fcad938
-
SHA512
66f2bc1530f6d187749486c7305f069d67964ef5427a6a59f2dc081469f5d608c6e0d2c30edef70a6a79e6386be1528ae2b8725ba704e2d3cf8b2f303d8eb1cf
-
SSDEEP
768:N9lotXK6U6HA/zmsIxzvraRwfj+iMbmwrhg2hnwjYBm2GOP9bsWZafCJL6Ir7wxG:QRPMLzJ
Score1/10 -