General
-
Target
MRKU8781602.zip
-
Size
455KB
-
Sample
210727-fc76x47lea
-
MD5
e078b475809986ee55948bb768ee9cde
-
SHA1
d226c78d1403e1d6eddf71391814ade0d3ee6099
-
SHA256
2d0efd49d4743047d816c892185352bf7bb107210e325e1a8415d5803eb317fe
-
SHA512
7d9add9296b32c1514872ce03ebee5cc799cb5fcfba701562ef423d8e1ad38b2d9d60b4a0015af6f1f80026dc7ef399c5be29c53c026365de71d555b42f255a2
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1633482536:AAF1JIS_DaayovuRrLGy_POYaI3DRc2CrPY/sendDocument
Targets
-
-
Target
MRKU8781602.exe
-
Size
612KB
-
MD5
bbed19abf6b369658b6996317e2e2067
-
SHA1
b252760938e016ea408efb75cab44defa95a6b17
-
SHA256
eddc270558f27cf00441f9056ca98264e14708d8202647bb461c371e6db85cdb
-
SHA512
94021a9caceef74dc3d3bc62e39ca056c71ea8e01683f81cde451187007d3adc6ece3640490be0797c1e2f8e2d54a7ece3a7f528fea08de6b0fa86efd4534579
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-