General
-
Target
71b3391b6e2ec091dc7d56960d3b8f543b6011b5c3d68fe7e86f33a02605e21d
-
Size
350KB
-
Sample
231203-cxk2eaha69
-
MD5
f8072b8740d7ec0f694d3628e78d5a5a
-
SHA1
a6620334c67dddcc6dfef55f202a4848416b4f5c
-
SHA256
71b3391b6e2ec091dc7d56960d3b8f543b6011b5c3d68fe7e86f33a02605e21d
-
SHA512
7bf3d20ae87139fef75524211e21cd6a28b1f6f0dc3d10dd36fe2bf90574f3ccbbc3b4bb1d05b7bf7997a16ecede9506be4111fe98a513f3c4d5efda2ae8b47d
-
SSDEEP
6144:2BlL/DWicNIlgOw0nueLkxVtEM9AjhtADy6aia4Htw0vdlRSvdWpC6nmd6:UBWNIlgOw4uZTtPGhtKyz4Nw01lo+fmI
Malware Config
Targets
-
-
Target
71b3391b6e2ec091dc7d56960d3b8f543b6011b5c3d68fe7e86f33a02605e21d
-
Size
350KB
-
MD5
f8072b8740d7ec0f694d3628e78d5a5a
-
SHA1
a6620334c67dddcc6dfef55f202a4848416b4f5c
-
SHA256
71b3391b6e2ec091dc7d56960d3b8f543b6011b5c3d68fe7e86f33a02605e21d
-
SHA512
7bf3d20ae87139fef75524211e21cd6a28b1f6f0dc3d10dd36fe2bf90574f3ccbbc3b4bb1d05b7bf7997a16ecede9506be4111fe98a513f3c4d5efda2ae8b47d
-
SSDEEP
6144:2BlL/DWicNIlgOw0nueLkxVtEM9AjhtADy6aia4Htw0vdlRSvdWpC6nmd6:UBWNIlgOw4uZTtPGhtKyz4Nw01lo+fmI
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-