General
-
Target
Urgent Order.exe
-
Size
338KB
-
Sample
211021-n87kbsbbaq
-
MD5
59c263059d82a031daab8fd5611f0fe0
-
SHA1
813495feb871703f4bfcf08a7d3ccd21e19b3487
-
SHA256
381c8b452d66bd7985b1f10a47c4447c377573a16b26d2bf3a2486e52da38a31
-
SHA512
59aca616a5d217f19a991dc437dd0c81c4f0e962be95dcaccf0e19762cae59eec89a3a69d35c6207596e07e4a9561d86e65d0e2787d79404374f3f4458a25de4
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1948592798:AAEPqwEad_OoXqml68rtg1qHOajQ46ljm48/sendDocument
Targets
-
-
Target
Urgent Order.exe
-
Size
338KB
-
MD5
59c263059d82a031daab8fd5611f0fe0
-
SHA1
813495feb871703f4bfcf08a7d3ccd21e19b3487
-
SHA256
381c8b452d66bd7985b1f10a47c4447c377573a16b26d2bf3a2486e52da38a31
-
SHA512
59aca616a5d217f19a991dc437dd0c81c4f0e962be95dcaccf0e19762cae59eec89a3a69d35c6207596e07e4a9561d86e65d0e2787d79404374f3f4458a25de4
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-