General
-
Target
SecuriteInfo.com.Win32.TrojanX-gen.21511.24993.exe
-
Size
6KB
-
Sample
221018-bq8y8aebgl
-
MD5
07774dcad37a559c6a3ff27e590a9399
-
SHA1
92c1d025a078431f390bd3723a41023bbf556034
-
SHA256
eef6df577e7da107e24b1c043d08c10ede909e73ef8d6b6881dd75327770aa7e
-
SHA512
a99a6138ff523c951dab7343cf5b499ab2e0b0c1d3b9e9be8a3e58d07be5a550675d01fba670d6e256482cdec7071e07e8944a43180c02098e2ea232cfb1603c
-
SSDEEP
48:60Y7gsaS0Ikqz7P+i1S+QSHmHSfwZqKzEoyy6O6CH+sSKp7lF6JcKUitiOlTO3zE:xL2/+i1jQxHSfUj6BW+zmlFzKp0JFnU
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win32.TrojanX-gen.21511.24993.exe
-
Size
6KB
-
MD5
07774dcad37a559c6a3ff27e590a9399
-
SHA1
92c1d025a078431f390bd3723a41023bbf556034
-
SHA256
eef6df577e7da107e24b1c043d08c10ede909e73ef8d6b6881dd75327770aa7e
-
SHA512
a99a6138ff523c951dab7343cf5b499ab2e0b0c1d3b9e9be8a3e58d07be5a550675d01fba670d6e256482cdec7071e07e8944a43180c02098e2ea232cfb1603c
-
SSDEEP
48:60Y7gsaS0Ikqz7P+i1S+QSHmHSfwZqKzEoyy6O6CH+sSKp7lF6JcKUitiOlTO3zE:xL2/+i1jQxHSfUj6BW+zmlFzKp0JFnU
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-