General
-
Target
05844bc004af9194e53b16bdb3f0ba6e4f976673df78f41a86edcd437a642fa6
-
Size
383KB
-
Sample
220521-ppyzhsfgd3
-
MD5
da571948c48af8e027ce7578c0470473
-
SHA1
6f6db5dab366b78ad0029a986888fd06c3148de1
-
SHA256
05844bc004af9194e53b16bdb3f0ba6e4f976673df78f41a86edcd437a642fa6
-
SHA512
33ca3e708734f869eeede85fd03cf0dd21662f53e63f7bc0bfcf10649d1177790b99fc3b942cdbbf6acb005efb9f7b43419f1ba8e3626a2cfd87aad2eca80724
Malware Config
Targets
-
-
Target
Request For Quotation.exe
-
Size
422KB
-
MD5
4e84615687a80db56bb958d06e772099
-
SHA1
fb822d2c634a8700f263953462a30b0652c25868
-
SHA256
cb8503881bc157b1c984dfb66a76d2ef039c723666098a917adca4d247ea03d8
-
SHA512
9c3314c1ed528388d8b8bff7b2c9f5ade7280ff9a1f106656e93613ad5a9b1397ee3af318cbbb6731f7698fb56921a4a15a831f53a0d949079ce69323a7c7930
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-