General
-
Target
tmp
-
Size
266KB
-
Sample
230519-m71vqagc4x
-
MD5
0e06a0f67647db74c0b6719b6c892f2a
-
SHA1
da7c7f0abaa2044c031c3916154fc19405fbcc74
-
SHA256
aafc668d03f2fa59132b86a640f41eac2d2221053152524d99fcc61b7a56c5e4
-
SHA512
d5545ef0c9b140eb9cecc510643f24157e21b8e13e3a04908500b0cc22b41f6140c519de5c644e50ea108b9ee84eb1efd76449d6c44c9a361ebce79b3be76696
-
SSDEEP
6144:vYa6C8IkNwFnB8Qc4wa25gd+iwzSp4nxs+fcTws3R:vYk8IrFnTc4b25biCSWu+UcmR
Malware Config
Targets
-
-
Target
tmp
-
Size
266KB
-
MD5
0e06a0f67647db74c0b6719b6c892f2a
-
SHA1
da7c7f0abaa2044c031c3916154fc19405fbcc74
-
SHA256
aafc668d03f2fa59132b86a640f41eac2d2221053152524d99fcc61b7a56c5e4
-
SHA512
d5545ef0c9b140eb9cecc510643f24157e21b8e13e3a04908500b0cc22b41f6140c519de5c644e50ea108b9ee84eb1efd76449d6c44c9a361ebce79b3be76696
-
SSDEEP
6144:vYa6C8IkNwFnB8Qc4wa25gd+iwzSp4nxs+fcTws3R:vYk8IrFnTc4b25biCSWu+UcmR
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-