General
-
Target
0fcd3484d291bf5d9ac474cdc0fb448d8bb61e63beb87201d9b3bf6c4d96cf4b
-
Size
1.3MB
-
Sample
220604-rsy5ssbba7
-
MD5
e11a22c0d8fdac1626d1a94866906cd9
-
SHA1
95a56cfb56a8704ba8533321a4c56c846ed3431c
-
SHA256
0fcd3484d291bf5d9ac474cdc0fb448d8bb61e63beb87201d9b3bf6c4d96cf4b
-
SHA512
0d570f48f7ad28ebe0c444a72e63dd200b9883ae0704b3571b98fe4e2962489751b1395bc670e1e04f68ceb92eb9bf5f6284c89a67449c69843efd56bdbc31f3
Malware Config
Targets
-
-
Target
0fcd3484d291bf5d9ac474cdc0fb448d8bb61e63beb87201d9b3bf6c4d96cf4b
-
Size
1.3MB
-
MD5
e11a22c0d8fdac1626d1a94866906cd9
-
SHA1
95a56cfb56a8704ba8533321a4c56c846ed3431c
-
SHA256
0fcd3484d291bf5d9ac474cdc0fb448d8bb61e63beb87201d9b3bf6c4d96cf4b
-
SHA512
0d570f48f7ad28ebe0c444a72e63dd200b9883ae0704b3571b98fe4e2962489751b1395bc670e1e04f68ceb92eb9bf5f6284c89a67449c69843efd56bdbc31f3
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
AgentTesla Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-