General
-
Target
010ef94907f5876e46be0ed87689fde9.bin
-
Size
998KB
-
Sample
231011-mhkr7sgf8z
-
MD5
b5e2c5bedc924f659b307a46b52055a4
-
SHA1
660521e68f0fd090719996568e6c2b8f77c2b2c1
-
SHA256
a58d90831710eca88256a16ab1164de33e09e746bca461166e9a1769a5430c87
-
SHA512
507f0fa70093906dca781b265caff9f9d6da902b7d75f162a2f1ee8c72d7d245920e921812ba705657d0a9cc614a770c17dffbd106bc73f4e238b4e3d7cedd14
-
SSDEEP
24576:QoJMLsxop1N2DZUCuVQKHZj5i5sjHfJC1gtyeGZ7jL4:XJo/N2dWQm5n/JigSZ7jL4
Malware Config
Targets
-
-
Target
8d9a8f9de34a75aeba8164f658881f4c142690b58c8cf30486f18574a8e14185.exe
-
Size
1.1MB
-
MD5
010ef94907f5876e46be0ed87689fde9
-
SHA1
7c142550561efe5f513d269f134a6d15ce28d24c
-
SHA256
8d9a8f9de34a75aeba8164f658881f4c142690b58c8cf30486f18574a8e14185
-
SHA512
d14f04995edf513e0540e2cbf7657da25e5bd4d1ad602d72ccf13d84dc938c2950e6aae96329fc50ce14cb7120d79ab05539c0d917ae3a82bb97f509e65b6ae9
-
SSDEEP
24576:lurGpIFO+xYcXvbNqzuxHozoi0a9SwY1S4o0DoNy0p:lu0IPfbNq6xmoi8w+S4B0p
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-