General
-
Target
1f41663d5c4f88ec128884559b761b84.bin
-
Size
1.0MB
-
Sample
230420-bgbmcsge5s
-
MD5
d0439204f941183c1174300b84a1fcb6
-
SHA1
2434599da4dc642ea4f1a4acd4fa3dfb37b67571
-
SHA256
00df99afbaaca9dd27d58796ace28c9408c9ef32af8e9375638a919c1f645599
-
SHA512
0447037766ae4ad8c025c4c68505b211c6c95a4e79844bed670ef19cf50b227c931bad6316d3f65b29c55ba71c296e11f8ec71f8768800b3d833f0cbaa7a3ef2
-
SSDEEP
24576:ZzJUs7Njx8ZdewgLq29UlsRqkFQ2f8eIzCbd9JdF:ZzZNjKuwOqq9rQ2fkWbdLH
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6191932863:AAEw6WZfMHSbIiilSKsmAnJOgaZwvnoMVh8/
Targets
-
-
Target
DHL_AWB_975539839616.exe
-
Size
588KB
-
MD5
f2a6a23bd98ff275751843da1ea99bee
-
SHA1
69c11c308f989515c05ef36f242efc7e0a276b28
-
SHA256
21d455342573c58b10724e61e0fefadd32fd934b573b8f6f655e52e08dadc8bf
-
SHA512
c4795a6ae5d65bfbde956df3fffc3fae97197c32595775be08ab0d566e5a77dc0f869b1c9aa8393ed666311b8e16dfdf2e40020b00edb8caaa9ede5cf1d804c5
-
SSDEEP
12288:nOnbqjckIgJaPrboWnxmBa+AnTxY5bsZgdEupSmJaG:nJJpMo2Ev6VIEuzn
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
DHL_AWB_975539839616.exe
-
Size
588KB
-
MD5
f2a6a23bd98ff275751843da1ea99bee
-
SHA1
69c11c308f989515c05ef36f242efc7e0a276b28
-
SHA256
21d455342573c58b10724e61e0fefadd32fd934b573b8f6f655e52e08dadc8bf
-
SHA512
c4795a6ae5d65bfbde956df3fffc3fae97197c32595775be08ab0d566e5a77dc0f869b1c9aa8393ed666311b8e16dfdf2e40020b00edb8caaa9ede5cf1d804c5
-
SSDEEP
12288:nOnbqjckIgJaPrboWnxmBa+AnTxY5bsZgdEupSmJaG:nJJpMo2Ev6VIEuzn
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-