General
-
Target
4efcea29ba8f3df966cb86748233b9d5f85767341dc83f0d4f46bf9eee6ee556
-
Size
1.4MB
-
Sample
221125-l1435ach3v
-
MD5
bff2b660edd464c391cf5059f1e16936
-
SHA1
03f23d669f71532329f2d00f616c80ae613263e8
-
SHA256
4efcea29ba8f3df966cb86748233b9d5f85767341dc83f0d4f46bf9eee6ee556
-
SHA512
29f2ca52cb9562fd196163ea012d94e5d17060955610b9f6cbcf63f6196d40c3f9e6b2bea61453a8d5b4d21ba58242e976ec552a84a06a9d9ed2f58530aac05c
-
SSDEEP
24576:jAHnh+eWsN3skA4RV1Hom2KXMmHab32MryMOEibPMVrS9Wqn25:uh+ZkldoPK8YabZqs
Malware Config
Targets
-
-
Target
4efcea29ba8f3df966cb86748233b9d5f85767341dc83f0d4f46bf9eee6ee556
-
Size
1.4MB
-
MD5
bff2b660edd464c391cf5059f1e16936
-
SHA1
03f23d669f71532329f2d00f616c80ae613263e8
-
SHA256
4efcea29ba8f3df966cb86748233b9d5f85767341dc83f0d4f46bf9eee6ee556
-
SHA512
29f2ca52cb9562fd196163ea012d94e5d17060955610b9f6cbcf63f6196d40c3f9e6b2bea61453a8d5b4d21ba58242e976ec552a84a06a9d9ed2f58530aac05c
-
SSDEEP
24576:jAHnh+eWsN3skA4RV1Hom2KXMmHab32MryMOEibPMVrS9Wqn25:uh+ZkldoPK8YabZqs
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-