General
-
Target
4.exe
-
Size
849KB
-
Sample
240628-l1tx6atcjh
-
MD5
1e6cb04df9502e8cb007a482c663bc9d
-
SHA1
f53cf395db96bca467de325491ac09cfb8d388fc
-
SHA256
a7afb33b403ad33bf2421901d5ed9aad4e7ee362f343a86f313897713f595625
-
SHA512
8c962d165a951644c0c5bf52b95159185a49657facd1f6b3c443fe3dc2af11ab6af8c3e511a37e2581e2cf3e27b7671b0bc5b7762a3fb38b3a273afee6790e57
-
SSDEEP
12288:hcIjd3nQIQsk3na+QidVt1+DXuY4Dc25c2YDX8Y/RN4Yx6m:hcIjUna3imz4DTg5vl
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://mail.hearing-vision.com - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!
Targets
-
-
Target
4.exe
-
Size
849KB
-
MD5
1e6cb04df9502e8cb007a482c663bc9d
-
SHA1
f53cf395db96bca467de325491ac09cfb8d388fc
-
SHA256
a7afb33b403ad33bf2421901d5ed9aad4e7ee362f343a86f313897713f595625
-
SHA512
8c962d165a951644c0c5bf52b95159185a49657facd1f6b3c443fe3dc2af11ab6af8c3e511a37e2581e2cf3e27b7671b0bc5b7762a3fb38b3a273afee6790e57
-
SSDEEP
12288:hcIjd3nQIQsk3na+QidVt1+DXuY4Dc25c2YDX8Y/RN4Yx6m:hcIjUna3imz4DTg5vl
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
55a26d7800446f1373056064c64c3ce8
-
SHA1
80256857e9a0a9c8897923b717f3435295a76002
-
SHA256
904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8
-
SHA512
04b8ab7a85c26f188c0a06f524488d6f2ac2884bf107c860c82e94ae12c3859f825133d78338fd2b594dfc48f7dc9888ae76fee786c6252a5c77c88755128a5b
-
SSDEEP
192:MPtkumJX7zBE2kGwfy9S9VkPsFQ1Mx1c:97O2k5q9wA1Mxa
Score3/10 -
-
-
Target
keelhauls.scr
-
Size
1.0MB
-
MD5
87a3ce82a211e6022d7145c99eef5edc
-
SHA1
d2aa5daef3272acdee40657353ebb0ba94728e8d
-
SHA256
66bf6c84307739696eb18d632b6a34755375e61f3c612dc273c7f8f25fcad938
-
SHA512
66f2bc1530f6d187749486c7305f069d67964ef5427a6a59f2dc081469f5d608c6e0d2c30edef70a6a79e6386be1528ae2b8725ba704e2d3cf8b2f303d8eb1cf
-
SSDEEP
768:N9lotXK6U6HA/zmsIxzvraRwfj+iMbmwrhg2hnwjYBm2GOP9bsWZafCJL6Ir7wxG:QRPMLzJ
Score1/10 -