General
-
Target
16cb75f304ead30d5c624f026272b3c6a3b533f087197c240fa92b1b69646045
-
Size
638KB
-
Sample
230525-g9f1fagg6v
-
MD5
35b9124a72b939bddecd642532c56d4f
-
SHA1
f9e9180f483a4b98a060f68a7df2ec38c7cb930a
-
SHA256
16cb75f304ead30d5c624f026272b3c6a3b533f087197c240fa92b1b69646045
-
SHA512
d2be6d3d097e300b180747942c6c526a8474ec066f8e322d1fb860b75e3935d7f4b87b352b28409cd65680689ab23bb48f408b6f1938d93d623475bf3a0187c2
-
SSDEEP
12288:x2iN/I3c8Vrao5qrEUt8R9XIBbAaz2a1P9mnwK7t8hXZ:x1hIFao5qrIRpIBx1DKGhp
Malware Config
Targets
-
-
Target
16cb75f304ead30d5c624f026272b3c6a3b533f087197c240fa92b1b69646045
-
Size
638KB
-
MD5
35b9124a72b939bddecd642532c56d4f
-
SHA1
f9e9180f483a4b98a060f68a7df2ec38c7cb930a
-
SHA256
16cb75f304ead30d5c624f026272b3c6a3b533f087197c240fa92b1b69646045
-
SHA512
d2be6d3d097e300b180747942c6c526a8474ec066f8e322d1fb860b75e3935d7f4b87b352b28409cd65680689ab23bb48f408b6f1938d93d623475bf3a0187c2
-
SSDEEP
12288:x2iN/I3c8Vrao5qrEUt8R9XIBbAaz2a1P9mnwK7t8hXZ:x1hIFao5qrIRpIBx1DKGhp
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-