General
-
Target
7ef50e80f81ed0f72a3d76642688ae32.exe
-
Size
187KB
-
Sample
230515-n32f5ade71
-
MD5
7ef50e80f81ed0f72a3d76642688ae32
-
SHA1
3c38fc150e87a2621175ce5ebfc1def7cd57c37d
-
SHA256
207101f6912ab3d1db4eb31783037685cade90fbc6ed91dffc1c53138b8436ff
-
SHA512
bf2206ccc606c1a7402fd3bffa0c59c735078714e1e7c8c9228803c57e60443c381e22b2ade7f768ee755e6b08c9b1de5284c50fd94eca5c9de80b9405990370
-
SSDEEP
3072:HfY/TU9fE9PEtuFb3qBVXTKVdPcJn8KJg0WnkG7WLjXtTpJsk/vAVTuKlenHtqJe:/Ya67WVXOPcJnU0WnkG7W/LJnApuvnHt
Malware Config
Targets
-
-
Target
7ef50e80f81ed0f72a3d76642688ae32.exe
-
Size
187KB
-
MD5
7ef50e80f81ed0f72a3d76642688ae32
-
SHA1
3c38fc150e87a2621175ce5ebfc1def7cd57c37d
-
SHA256
207101f6912ab3d1db4eb31783037685cade90fbc6ed91dffc1c53138b8436ff
-
SHA512
bf2206ccc606c1a7402fd3bffa0c59c735078714e1e7c8c9228803c57e60443c381e22b2ade7f768ee755e6b08c9b1de5284c50fd94eca5c9de80b9405990370
-
SSDEEP
3072:HfY/TU9fE9PEtuFb3qBVXTKVdPcJn8KJg0WnkG7WLjXtTpJsk/vAVTuKlenHtqJe:/Ya67WVXOPcJnU0WnkG7W/LJnApuvnHt
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-