General
Target: f87e8daeeeca54c094fe23e368e3f354.bin
Size: 82KB
Sample: 230130-ypp62sce59
MD5: 2b7eaaf07f94b19dfc4bfea63269a4f4
SHA1: 75690e546a0ba6d546766c58dc36eee5e798879e
SHA256: 0e3522907b44a1af6f11f1e51e56ce35f787ccd9fc70bddf59ca724b0930263e
SHA512: fbf9bb02dc145afbc3c5a63dce06c77fc7d21865a20a42194400d2a778c309cdbf30e9f1b8622d8217a086198c3b49286b8e1d3c849c58b6b055ce8f7f87a395
SSDEEP: 1536:dJNG24P6/UxHa24uBPNq0j4LnjimseaVbQGjadzp5UrIR6b/8gZ:0tHOuBPNq0MzjimKbQtz68gZ
Static task: static1
Behavioral task: behavioral1
Sample: d2fd8718b42a76ae7931b50bf26a5b3431ed822f8eaa5ecda0b317e9566f0409.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: d2fd8718b42a76ae7931b50bf26a5b3431ed822f8eaa5ecda0b317e9566f0409.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: d2fd8718b42a76ae7931b50bf26a5b3431ed822f8eaa5ecda0b317e9566f0409.exe
Size: 165KB
MD5: f87e8daeeeca54c094fe23e368e3f354
SHA1: dde4659466ded141e281e30289f3945fa2b04b65
SHA256: d2fd8718b42a76ae7931b50bf26a5b3431ed822f8eaa5ecda0b317e9566f0409
SHA512: 8bc31c443f4b75f4c48a31e87b8092c5494b9833c62a9ec88941c0a5a4c2837a7645fcfe0c68eacfc0a57ea4ed51b05d03aca8f8dab742859bcec8055f5cae9f
SSDEEP: 3072:S3wXxX9DK2/Mt8Cu48N4uKC+UxaOC0zu4hpbFKRjA+Jw:NTKlqCJuK8x/9zu+bFKZJ
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Accesses Microsoft Outlook profiles

Adds Run key to start application

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.