General
-
Target
New Order4687334.exe
-
Size
792KB
-
Sample
211202-q892kahdan
-
MD5
abc0d5990e243c73bcb0ef52f113c9c8
-
SHA1
a62d9e6614ab925a6ec5ec1d8c8abeb44cf51ef0
-
SHA256
b8baaf727f8da89fe81122fd5c93c3d34b7f3f78ae90403309d7d335e0bb3792
-
SHA512
c33cdb17d07af0b51b4dfdf1a4626ec94ad87d24aef2e4ac8cc17eecdfdfe246224a28e448d321feb4ea70d83a349f822ed46abad7ec1913566b83a2c9bc4fa5
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5074572303:AAE8ZKRzrDBFdUptPX0s5TohA3XJtaS_H_8/sendDocument
Targets
-
-
Target
New Order4687334.exe
-
Size
792KB
-
MD5
abc0d5990e243c73bcb0ef52f113c9c8
-
SHA1
a62d9e6614ab925a6ec5ec1d8c8abeb44cf51ef0
-
SHA256
b8baaf727f8da89fe81122fd5c93c3d34b7f3f78ae90403309d7d335e0bb3792
-
SHA512
c33cdb17d07af0b51b4dfdf1a4626ec94ad87d24aef2e4ac8cc17eecdfdfe246224a28e448d321feb4ea70d83a349f822ed46abad7ec1913566b83a2c9bc4fa5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-