General
-
Target
PO 5326976.exe
-
Size
320KB
-
Sample
230328-caxfxsgd38
-
MD5
3e156414a3514dc7228eb4ff71f0c730
-
SHA1
8f5929d4b6dac662c5044b9ae372bd1e3b13fd1d
-
SHA256
af9516862a7fd0fc54b7979064e75a5a8d1aa908ece62eec5900581ca90bd339
-
SHA512
7eedb72e9a90840de075028904b250852f33e13388cb97e283dbe8ae6f69d01db1fc9526a46c67f2610263a88ebd1f89b3d6cef86902419d8ff8913df8ce39f0
-
SSDEEP
6144:/Ya6dCELRWDCnUWTrucf1Kwkb3v04WSIEwi8tgFC:/Y/CAB3FFkb37WSAjes
Malware Config
Targets
-
-
Target
PO 5326976.exe
-
Size
320KB
-
MD5
3e156414a3514dc7228eb4ff71f0c730
-
SHA1
8f5929d4b6dac662c5044b9ae372bd1e3b13fd1d
-
SHA256
af9516862a7fd0fc54b7979064e75a5a8d1aa908ece62eec5900581ca90bd339
-
SHA512
7eedb72e9a90840de075028904b250852f33e13388cb97e283dbe8ae6f69d01db1fc9526a46c67f2610263a88ebd1f89b3d6cef86902419d8ff8913df8ce39f0
-
SSDEEP
6144:/Ya6dCELRWDCnUWTrucf1Kwkb3v04WSIEwi8tgFC:/Y/CAB3FFkb37WSAjes
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-