General
-
Target
1c5fe765bf3ebb0796a13fcfd22c3b9a92b55e2734b1de8904a8e8f8931f350f
-
Size
363KB
-
Sample
231203-cywvasha82
-
MD5
6efb6ff87f5d89884d54bec7292175cf
-
SHA1
22059d226717ac0d3939856d0dfa96d227d4f2f7
-
SHA256
1c5fe765bf3ebb0796a13fcfd22c3b9a92b55e2734b1de8904a8e8f8931f350f
-
SHA512
81af67219a0d32e45988d406a9faef65bbfbc816514d80867c57855fa286ecbcb86c9c1cc8730dc2be46f8e9ebd044102adf54cc5fef2d30efc0536701bb623c
-
SSDEEP
6144:3BlL/MvvVjdK0lJ5YqTkc1pEMkvIMFRnsEBkWqFFs7SqEsZc6/e5jbXyAGAu:xavtpKQhwiuMkrfkP07zO6/eF+eu
Malware Config
Targets
-
-
Target
1c5fe765bf3ebb0796a13fcfd22c3b9a92b55e2734b1de8904a8e8f8931f350f
-
Size
363KB
-
MD5
6efb6ff87f5d89884d54bec7292175cf
-
SHA1
22059d226717ac0d3939856d0dfa96d227d4f2f7
-
SHA256
1c5fe765bf3ebb0796a13fcfd22c3b9a92b55e2734b1de8904a8e8f8931f350f
-
SHA512
81af67219a0d32e45988d406a9faef65bbfbc816514d80867c57855fa286ecbcb86c9c1cc8730dc2be46f8e9ebd044102adf54cc5fef2d30efc0536701bb623c
-
SSDEEP
6144:3BlL/MvvVjdK0lJ5YqTkc1pEMkvIMFRnsEBkWqFFs7SqEsZc6/e5jbXyAGAu:xavtpKQhwiuMkrfkP07zO6/eF+eu
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-