General
-
Target
10716507568.zip
-
Size
655KB
-
Sample
230608-zxqm8aah4t
-
MD5
5c6997a652fcf46833f8538f7755bfd6
-
SHA1
70fa33cfa0beb8fb51f100b61dc4f81551d552ee
-
SHA256
29492f49cf5c4835e72c3d1ef0665256fb51d70c0d7c3e8ecc9e6ea606185be6
-
SHA512
2a8b88bfdd4bc539ba60e2c876be29525d1e73fe4aa4b80d28ee5f93895a88b05f187d69816dadf2da0c7418c0c0aac9d26f78ea35a7c28c0a8f10fd206082cc
-
SSDEEP
12288:I4gbjQ08MKuYd84NZqYzN9Lu7HkxBSEpbz/LheY+SRMTqiAbNojgT5ggmw6apoBj:H6jS/DNZlfeE+Kf/kNuMTqiAnT5gglh0
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6041893220:AAF8CZzv8AFxOdWhmChH81__ao3x5_lnfqU/
Targets
-
-
Target
8a047f295a91aa91f23be8a37f8c3ee23acb4dd92c14fa4db2fcb25d11e5af42
-
Size
758KB
-
MD5
a3b6251f4bbffc665e9102bc4e4076de
-
SHA1
c67950841989b1ab4b1309096e4961099012b42e
-
SHA256
8a047f295a91aa91f23be8a37f8c3ee23acb4dd92c14fa4db2fcb25d11e5af42
-
SHA512
2e787dd4079bea1167532ab3d174e01a10d9f67b25f4a7d96ababfcae3d31593352134ad8ad792feb1de4c98a78f4bba15e546917286bb31501c742d61b3f1a6
-
SSDEEP
12288:Ji4haDnLMzIL2q+RTdOL8iZUi5ipiXRqNcv2pJ4tsLwc6Bb79323asWDj:VOyqGUL8iZUi5KiXENHTLNwb52KDj
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-