General
-
Target
X-TPM.msi
-
Size
41.1MB
-
Sample
240427-2npexaae6z
-
MD5
1c3ae290b4057032b76e189009cbeaf0
-
SHA1
06d5dc01195e2f499806e76049b6c3a28fa029d0
-
SHA256
ac0ad6fa6a84cd64a77bd52cb09bf01213b6e2bccccd09d7dabea222419a3bc6
-
SHA512
e9cbea7a43e2fdaf8233a64c89f52c47eb80ac5489f249d9dc8656898c83b01626e7b8fd94525209098ce8a8828874875bed856d1741f0d603ad3fd771d9a64a
-
SSDEEP
786432:QA2pJpNITFIyP9uI4SD+o/iNmvYMONJfzYj40ZNhUmfIyU3rzyAB2AeS75/3e1C:QVnD2FIyP9uI8o0lJfi40ZNjj2Xy49e8
Malware Config
Targets
-
-
Target
X-TPM.msi
-
Size
41.1MB
-
MD5
1c3ae290b4057032b76e189009cbeaf0
-
SHA1
06d5dc01195e2f499806e76049b6c3a28fa029d0
-
SHA256
ac0ad6fa6a84cd64a77bd52cb09bf01213b6e2bccccd09d7dabea222419a3bc6
-
SHA512
e9cbea7a43e2fdaf8233a64c89f52c47eb80ac5489f249d9dc8656898c83b01626e7b8fd94525209098ce8a8828874875bed856d1741f0d603ad3fd771d9a64a
-
SSDEEP
786432:QA2pJpNITFIyP9uI4SD+o/iNmvYMONJfzYj40ZNhUmfIyU3rzyAB2AeS75/3e1C:QVnD2FIyP9uI8o0lJfi40ZNjj2Xy49e8
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-