General
-
Target
QUOTATION REQUEST 818800369_1.zip
-
Size
724KB
-
Sample
230327-qfhrlsff4v
-
MD5
685cdb46d2d3d3d835f857c6a72a8fc9
-
SHA1
763b86c8f2250d2370733ecbe459c472d36f79fe
-
SHA256
49830344b368f82a8125ba389948ec66ba1bc5082a4176ec65fbada1f8c331d5
-
SHA512
073c3c9dbe5d086c6741939596e321f1095edeecf0dd860ed70c8fd898063c35a5ffb4c550be82addffd8d031318fdacce8527536c166c0ea339045c5a11f9f2
-
SSDEEP
12288:pL7Icw2EJp/lWU64OzqhLv7VwyKefeH5GRqS8WsZUAKf1DgTxJ3EjTq918:pL7M2yp/ldOzqbZKeKaqS8WtdDSJ3EnP
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6035698859:AAHH1LNcn_IN7i06Iyk-CzN-7F-btDaRv1I/
Targets
-
-
Target
QUOTATION REQUEST 818800369.exe
-
Size
805KB
-
MD5
a2d23b80552b694494d2f07903077d01
-
SHA1
8b7157eea917db6ebcea9393f83b1be9129e34fd
-
SHA256
89fc947344db449af06bbd95b6f955a98c06006e742a589689860dd5806484aa
-
SHA512
0c33a5373a85dd4141ba3dd4cc243d9853382e452882412284c7ba7cca60962eef5fc102eaf55bc74f6608cbdb1ed194f7dd84a11faf30da90e9e14acb99a9ad
-
SSDEEP
12288:qUJB0O92mtL/PWU64GVqd5V7VmiUeL2HLGLqE8WMbUqyfpDgTFJB0jTSFJhZ:z32+L/PdGVqvxUemMqE8WZRDyJB0nwD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-