General
-
Target
#087file.exe
-
Size
633KB
-
Sample
221124-299yqsac6z
-
MD5
46932de3d79b8b31004320d4a8900ece
-
SHA1
ea2b41ba0965aa7ec1431e95ba5cfa0e425bab8b
-
SHA256
8ac1f7de055ec36e94804c99cf51741ec440b128e92f9a721749802e1204a0dc
-
SHA512
94a16d6fb5f0843f8eb39deae83623dfefc6f4d2b89c1986c79053480f70c09f4637ea229aed42885b96a33697d284ec8af00ba36fc4cf2cf62fdd1b6693d892
-
SSDEEP
12288:DVmDMEsPCABfUnfmwvVDCXhSRld2jpnwW/NkhsDiCmHQswWwqoRsVTVn:h+sPCuUhDDlYuLyEHQsDtoRwF
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1591373451:AAH6Q2mvjdA9146Wl0khv2-kuh-iTps2zjw/
Targets
-
-
Target
#087file.exe
-
Size
633KB
-
MD5
46932de3d79b8b31004320d4a8900ece
-
SHA1
ea2b41ba0965aa7ec1431e95ba5cfa0e425bab8b
-
SHA256
8ac1f7de055ec36e94804c99cf51741ec440b128e92f9a721749802e1204a0dc
-
SHA512
94a16d6fb5f0843f8eb39deae83623dfefc6f4d2b89c1986c79053480f70c09f4637ea229aed42885b96a33697d284ec8af00ba36fc4cf2cf62fdd1b6693d892
-
SSDEEP
12288:DVmDMEsPCABfUnfmwvVDCXhSRld2jpnwW/NkhsDiCmHQswWwqoRsVTVn:h+sPCuUhDDlYuLyEHQsDtoRwF
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-