General
-
Target
Contract Signed...pdf...bin
-
Size
612KB
-
Sample
230418-25nvpsgf7z
-
MD5
aaab701f2ebada6182830d00673ecddb
-
SHA1
1094c5284c99c7666ce8edc97d830d6d2c2037df
-
SHA256
80d9a24ac09643fec02e6c44b6fc4c77390e7a068fa37c13c44f2e1a6962b89e
-
SHA512
44a2e97de85b5b24dd1092922013e20eb69b045945e354b49f237edbf7f8587dd39c87432a99cc4ae7a8bdd4d77d1bf8df21530fc0b7a71d28f394ba694ba38d
-
SSDEEP
12288:vPGregKpG7hkBvU5EFcDqmf+d8LpCoCpAuL3ULCRSyCJ:v8egL7hkBvUOc+bETyAm3ULCRlu
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5810723995:AAFzOu_h50ZboqfLSMvb7-HvSrH1c76uDfA/
Targets
-
-
Target
Contract Signed...pdf...bin
-
Size
612KB
-
MD5
aaab701f2ebada6182830d00673ecddb
-
SHA1
1094c5284c99c7666ce8edc97d830d6d2c2037df
-
SHA256
80d9a24ac09643fec02e6c44b6fc4c77390e7a068fa37c13c44f2e1a6962b89e
-
SHA512
44a2e97de85b5b24dd1092922013e20eb69b045945e354b49f237edbf7f8587dd39c87432a99cc4ae7a8bdd4d77d1bf8df21530fc0b7a71d28f394ba694ba38d
-
SSDEEP
12288:vPGregKpG7hkBvU5EFcDqmf+d8LpCoCpAuL3ULCRSyCJ:v8egL7hkBvUOc+bETyAm3ULCRlu
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-