General
-
Target
c238eade1b9932a7ce645130b7585094.bin
-
Size
310KB
-
Sample
230302-b27wasba82
-
MD5
ce62ad60e51c06c77dfe8ac087e47bf4
-
SHA1
96c0a98854549b9e0aac357a43e5d9443614d8d8
-
SHA256
e4336a5d7fc5bd8743288213e32bba3a0cff9a0687e399ff680894a0d7b419e9
-
SHA512
41b94bde794232bd499f93943a1ae847699592a316313882175cfed9177664e26ff82e0506cd03d2c072e042a423cd83e9feeaa70ba2fc9924c046073f2dfc3c
-
SSDEEP
6144:3+Qwnlt3E4GOtP+L0Af7efa5PSeg9VRs7y5C8F9tWe:3PwjDGcmLFifa5PZUVSCNbWe
Malware Config
Targets
-
-
Target
462d53b58f158d715d7498179ad8f8383f5dd0171505571c83b333febdc13fad.exe
-
Size
323KB
-
MD5
c238eade1b9932a7ce645130b7585094
-
SHA1
05968ca5f4a9dfdfa00a417d1bac9b81316eb91c
-
SHA256
462d53b58f158d715d7498179ad8f8383f5dd0171505571c83b333febdc13fad
-
SHA512
763ca070890b4cca3a1157a0ae3dec46ffb5f2f2e26c20d301cec36f99b978089590590daa476b37b5f8947bad18db0e54e7dba44f389ba69fa360d3f4658c29
-
SSDEEP
6144:PYa6hBEPtEi/e5DeGHTZqLoHxj3HUEaNwjAHKermxUErDtcDPAbGc92g/OKM4x:PYzyPei25D1zZqLop3HUntHLmiErD+DC
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-