General
-
Target
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505
-
Size
750KB
-
Sample
220619-wjahasffbq
-
MD5
dd45870570b5eeabe6ecec62a093fced
-
SHA1
c6364fe561cd82f0ac20d6beb23655b188c7d2f4
-
SHA256
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505
-
SHA512
3ede737c03ee4f2d67e30390726ad6359842a6aa59e6e8d9c56d89fd0bb45e865162fcbcfc41a78c2da56325d8fa88156c32ddc1f592eac78b3ee7199db43dbc
Malware Config
Targets
-
-
Target
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505
-
Size
750KB
-
MD5
dd45870570b5eeabe6ecec62a093fced
-
SHA1
c6364fe561cd82f0ac20d6beb23655b188c7d2f4
-
SHA256
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505
-
SHA512
3ede737c03ee4f2d67e30390726ad6359842a6aa59e6e8d9c56d89fd0bb45e865162fcbcfc41a78c2da56325d8fa88156c32ddc1f592eac78b3ee7199db43dbc
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-