General
-
Target
NEAS.8bfd7886121330aca3002b5b1e768740exe.exe
-
Size
405KB
-
Sample
231202-mdvrlsbh61
-
MD5
8bfd7886121330aca3002b5b1e768740
-
SHA1
1dae238a6f5c6fb2074f8f7e9dccdaa625ccc71e
-
SHA256
03b950d316f2e66e637a9cfdd2f769d5a53296b0459df9cb6ed0fc0d25282958
-
SHA512
48354e5f6af35bce559d1476752cea9ebc4637e7792f8531b452b076c9949dca2892948c85e5b42ceebdc45cc3c21d03ce039c22983451c7c38b939a08528ee1
-
SSDEEP
6144:P8LxBsXwwT1Y0cFlY/gryMLsow0D4XWGUugY2zh6haFpT5JQajkcnu0tbhQKYh:xXlT1Ys4uMLsL0DXGhIz+YO4HtyKG
Malware Config
Targets
-
-
Target
NEAS.8bfd7886121330aca3002b5b1e768740exe.exe
-
Size
405KB
-
MD5
8bfd7886121330aca3002b5b1e768740
-
SHA1
1dae238a6f5c6fb2074f8f7e9dccdaa625ccc71e
-
SHA256
03b950d316f2e66e637a9cfdd2f769d5a53296b0459df9cb6ed0fc0d25282958
-
SHA512
48354e5f6af35bce559d1476752cea9ebc4637e7792f8531b452b076c9949dca2892948c85e5b42ceebdc45cc3c21d03ce039c22983451c7c38b939a08528ee1
-
SSDEEP
6144:P8LxBsXwwT1Y0cFlY/gryMLsow0D4XWGUugY2zh6haFpT5JQajkcnu0tbhQKYh:xXlT1Ys4uMLsL0DXGhIz+YO4HtyKG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-