General
-
Target
298d3563b0fc377f35fe41d96201e07914ff29666b06472312b450ffc3417165
-
Size
324KB
-
Sample
240629-bdj5bszfjr
-
MD5
d364a118ce1590a0d3a9988463830714
-
SHA1
cbe041c5bf48af6ce03a96d979e1185116d03131
-
SHA256
298d3563b0fc377f35fe41d96201e07914ff29666b06472312b450ffc3417165
-
SHA512
d3b02f86f14a128485a210961d396f199479b60ddfe581fe635f29c190d617dcc91889b8ca48080849d8295f5c3642178e3b1a995dbc6d96c653c83672f5fb04
-
SSDEEP
6144:qFPJZRRZAfHhwWPADAi6lTl3yBlkrgIE/ND3w:qFPJZRRZAPhVss5eGS/5w
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1251110202149699625/eDNZWTFoHBDo8HXw0aunmvGeBWciM4C8KyCpUHy9gEFPn1XyMs30gAsSjfRX6u9Vnuig
Targets
-
-
Target
298d3563b0fc377f35fe41d96201e07914ff29666b06472312b450ffc3417165
-
Size
324KB
-
MD5
d364a118ce1590a0d3a9988463830714
-
SHA1
cbe041c5bf48af6ce03a96d979e1185116d03131
-
SHA256
298d3563b0fc377f35fe41d96201e07914ff29666b06472312b450ffc3417165
-
SHA512
d3b02f86f14a128485a210961d396f199479b60ddfe581fe635f29c190d617dcc91889b8ca48080849d8295f5c3642178e3b1a995dbc6d96c653c83672f5fb04
-
SSDEEP
6144:qFPJZRRZAfHhwWPADAi6lTl3yBlkrgIE/ND3w:qFPJZRRZAPhVss5eGS/5w
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-