General
-
Target
SecuriteInfo.com.IL.Trojan.MSILZilla.23664.14855.4868.exe
-
Size
9KB
-
Sample
221101-e6hzhshacr
-
MD5
c2d2bca77bf6040e41c862e6050698df
-
SHA1
24940d9b99d4cd819454e78318d1bdfc3e5ace99
-
SHA256
0e5b0d318b1bfd14a705e7b4c16324a2e7f21562052948426d11c32ec586be5e
-
SHA512
7b59a293e8296db63b604b2d19106c24256a64b0426b72ce65eeaca5f978176d2b1bd393d9d8a742f649b924d22da8d36eb030d993beca148794bcc83c89b5f0
-
SSDEEP
192:fDWHDc9o3HSvE5CqLhFbOg9HGs5y8stYcFmVc03KY:fDWg9os8XLhVOgFGSyptYcFmVc03K
Malware Config
Targets
-
-
Target
SecuriteInfo.com.IL.Trojan.MSILZilla.23664.14855.4868.exe
-
Size
9KB
-
MD5
c2d2bca77bf6040e41c862e6050698df
-
SHA1
24940d9b99d4cd819454e78318d1bdfc3e5ace99
-
SHA256
0e5b0d318b1bfd14a705e7b4c16324a2e7f21562052948426d11c32ec586be5e
-
SHA512
7b59a293e8296db63b604b2d19106c24256a64b0426b72ce65eeaca5f978176d2b1bd393d9d8a742f649b924d22da8d36eb030d993beca148794bcc83c89b5f0
-
SSDEEP
192:fDWHDc9o3HSvE5CqLhFbOg9HGs5y8stYcFmVc03KY:fDWg9os8XLhVOgFGSyptYcFmVc03K
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-