General
-
Target
ScriptWare.exe
-
Size
14.1MB
-
Sample
230401-vl7edabc97
-
MD5
181defaf852df7256f1ba326b8d083f0
-
SHA1
01edee35598a36123e24adb9b2094b37f9a58163
-
SHA256
11835f8e448823dbb1219ba23dc0569c70b21e5ab2fceb40453ce1955cf616d3
-
SHA512
a11f43166110170f763c0b0eec32a277bee20f15b16aed5d30f994f85dbe26c57b67366e96fa79029aa5252ce765fe0714cb2b85dcafdaafe08d516e14921f36
-
SSDEEP
393216:UcFJi0bdAuKGFrHJ4W9pp/+vMogAuKGFrHJkRAPADY11kSc/zmjx:bi0bAWH1m6
Malware Config
Targets
-
-
Target
ScriptWare.exe
-
Size
14.1MB
-
MD5
181defaf852df7256f1ba326b8d083f0
-
SHA1
01edee35598a36123e24adb9b2094b37f9a58163
-
SHA256
11835f8e448823dbb1219ba23dc0569c70b21e5ab2fceb40453ce1955cf616d3
-
SHA512
a11f43166110170f763c0b0eec32a277bee20f15b16aed5d30f994f85dbe26c57b67366e96fa79029aa5252ce765fe0714cb2b85dcafdaafe08d516e14921f36
-
SSDEEP
393216:UcFJi0bdAuKGFrHJ4W9pp/+vMogAuKGFrHJkRAPADY11kSc/zmjx:bi0bAWH1m6
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-