General
-
Target
Order Requirement_600002543231232434581-Pdf.exe
-
Size
728KB
-
Sample
230321-rne65ach8w
-
MD5
fd4fe9b1f8e0bf3ca95dfc86d3e5d3d7
-
SHA1
8942cc1d310eafc1d7504bf073c95668872afa25
-
SHA256
143fcc434f1292929c4094082966d7e2aa0c175a7766fe28087879721b37e047
-
SHA512
648f95fa1508995c7c803808143ee33b907b5b39dc8b471a7b55d58d27a5ed9a1e9b398bfa91500208c778641547a9e4fc752740786fe9612ed37cb24a868ed8
-
SSDEEP
12288:L/rmYMUnFW/N+bL/5rWOl/n05skp+qnkfJrj5Dfld33Jk6jwbNCb9hKftYfygWZU:L/rUw3PlmfYjRtdnu9bYgtYqjZ5G53/
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1084739792148897832/Kkf_dVHVncMeY9yrSvudHNYtOMqiHSuaCDJNIZ4lwtqcmhMFPMdw8uFQTFLDkHzWQ2xG
Targets
-
-
Target
Order Requirement_600002543231232434581-Pdf.exe
-
Size
728KB
-
MD5
fd4fe9b1f8e0bf3ca95dfc86d3e5d3d7
-
SHA1
8942cc1d310eafc1d7504bf073c95668872afa25
-
SHA256
143fcc434f1292929c4094082966d7e2aa0c175a7766fe28087879721b37e047
-
SHA512
648f95fa1508995c7c803808143ee33b907b5b39dc8b471a7b55d58d27a5ed9a1e9b398bfa91500208c778641547a9e4fc752740786fe9612ed37cb24a868ed8
-
SSDEEP
12288:L/rmYMUnFW/N+bL/5rWOl/n05skp+qnkfJrj5Dfld33Jk6jwbNCb9hKftYfygWZU:L/rUw3PlmfYjRtdnu9bYgtYqjZ5G53/
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-