General
-
Target
SHIPPING INVOICE-PACKING LIST DOCS.exe
-
Size
555KB
-
Sample
221128-kl179aae42
-
MD5
5b7d13236bd0e3f952b7c7b68b04e55d
-
SHA1
4d4f83b41622cdc8e418681c4c15b7ffc702b421
-
SHA256
65c9b0f0953bfb1534836f0077fc7b14edf3c2d06649931cf39c26c7ec9d8f19
-
SHA512
91eed2ee379165f4a316b8cabff80610f7815080650e2eb41db155aa3e7ba629a5739b5ab33fef6ea7dc7b899316bbde1d70243b709350739bc596a02de8d684
-
SSDEEP
12288:XaZbIZlxbK9ESCYX4XP4upRj19sCdyGIz46mol:XaKxu7R242On9M6mol
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5515611206:AAEcQSX8hXHOAxSYr8KUdLxGF5eqw4FRXoA/
Targets
-
-
Target
SHIPPING INVOICE-PACKING LIST DOCS.exe
-
Size
555KB
-
MD5
5b7d13236bd0e3f952b7c7b68b04e55d
-
SHA1
4d4f83b41622cdc8e418681c4c15b7ffc702b421
-
SHA256
65c9b0f0953bfb1534836f0077fc7b14edf3c2d06649931cf39c26c7ec9d8f19
-
SHA512
91eed2ee379165f4a316b8cabff80610f7815080650e2eb41db155aa3e7ba629a5739b5ab33fef6ea7dc7b899316bbde1d70243b709350739bc596a02de8d684
-
SSDEEP
12288:XaZbIZlxbK9ESCYX4XP4upRj19sCdyGIz46mol:XaKxu7R242On9M6mol
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-