General
-
Target
DHL Air waybill.jar
-
Size
761KB
-
Sample
221207-trwdmafd48
-
MD5
75502270d1a0042158b97025d3401111
-
SHA1
5f49223c1cbf523d524d597c5f966ae2e3e08dfd
-
SHA256
0e54a2fc005e1606b6a9ee3f1e514122e6ed7281be15740cddc11ae341bf38b8
-
SHA512
04d3a368c44b2920b8c492aada34e9ad52abb3b246c6ec4aa9e0b03b04576395ad50d816ad328a82cf557e3d09e8179249845577a99c624a5b0fae1de862d9b1
-
SSDEEP
12288:EaH1JkBYDNgS9dxOXnbF4ZWKzf6kth+4mP5ZkEBzyq+c1lZ0xWP4w+GIMyEN5ish:EaH1JkOiS7kbaZdzfph+4okEgSG+5i5m
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5303328165:AAF7HxnjN67EBIegVs-MwZqBsR_i0699CXE/
Targets
-
-
Target
DHL Air waybill.SCR
-
Size
801KB
-
MD5
beb27d2d76a11793bd4f7cb8c3cec343
-
SHA1
3fcfe3b2be699e78f1bcd4136499d805191d76b4
-
SHA256
3b17be70fb201b2352f0a5d5a2b4f783e18350a13628b96c80c3d4e8c1fdd0b5
-
SHA512
2d85f07698b9b2c3e2de47e8182bb0e227c7daebf56611cf38cd665df0510adde4c984414d54961c9db7a033ab388a2aa471db7bff30eeb5d96e4c4b3f34f99c
-
SSDEEP
12288:iwBoY9FDutOg6duUKLo7BkvKpDeSp+7732pQlS3WWu41rXSQTlrOBZ3wIQTIddpn:rIvKpKSpgTMFioJOFigEa3zQtmAI
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-