General
-
Target
2553f424ecb8f9a07e4d4fd110adadcf.exe
-
Size
461KB
-
Sample
210727-jzanj72m6s
-
MD5
2553f424ecb8f9a07e4d4fd110adadcf
-
SHA1
c82344a66717312df4ce2f126c5912b98b1003db
-
SHA256
49410b049129225af89fba012073e14ad171e27924af79e0d79bb60191e81f33
-
SHA512
60df84c8bd26370970329f9de3e181fbf4ca84d5e1a2584a9ea19c49f253c55316f0a90b33a6c7b118bd59d2b00ef073aaeb605c9ea6ccf6043f4c6f8ef87f2a
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1846829589:AAHSsEDTKvDOQ17YrNRY5_FXv5z4mpfGRIc/sendDocument
Targets
-
-
Target
2553f424ecb8f9a07e4d4fd110adadcf.exe
-
Size
461KB
-
MD5
2553f424ecb8f9a07e4d4fd110adadcf
-
SHA1
c82344a66717312df4ce2f126c5912b98b1003db
-
SHA256
49410b049129225af89fba012073e14ad171e27924af79e0d79bb60191e81f33
-
SHA512
60df84c8bd26370970329f9de3e181fbf4ca84d5e1a2584a9ea19c49f253c55316f0a90b33a6c7b118bd59d2b00ef073aaeb605c9ea6ccf6043f4c6f8ef87f2a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-