General
-
Target
e054f78b7058dbc3166df6483cf322288502ca0866daf6421504d57565a0aa15.exe
-
Size
973KB
-
Sample
231203-mshqlabe37
-
MD5
5894c2a089c25a7a7dc24c26e27496af
-
SHA1
7c858439cee8de3eb09443bd65f706ce94451cfe
-
SHA256
e054f78b7058dbc3166df6483cf322288502ca0866daf6421504d57565a0aa15
-
SHA512
1664a1ac2918b86ecfcf4454cc550915889d0a5081b795d8827958ac694561cdb0f5a6bcbc4ef07a62027be46ee400eeb66c5ffc42b15a39a4e13bd617e1f871
-
SSDEEP
12288:+3copox4TQJRw04grHB+MkWotBgbPoPgn80pdKQ1VUF+UoNoeApXL4fMxZr:7e/WRw0Rd+MhwB+Qk97rN9+eApEfS
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1179011823245217852/BApmSysJ7ds4rFscxhzRAHKJv1hyP1UFKhyfN1ojsei9HMF0L9z-hwZZiDIGOsncVkXv
Targets
-
-
Target
e054f78b7058dbc3166df6483cf322288502ca0866daf6421504d57565a0aa15.exe
-
Size
973KB
-
MD5
5894c2a089c25a7a7dc24c26e27496af
-
SHA1
7c858439cee8de3eb09443bd65f706ce94451cfe
-
SHA256
e054f78b7058dbc3166df6483cf322288502ca0866daf6421504d57565a0aa15
-
SHA512
1664a1ac2918b86ecfcf4454cc550915889d0a5081b795d8827958ac694561cdb0f5a6bcbc4ef07a62027be46ee400eeb66c5ffc42b15a39a4e13bd617e1f871
-
SSDEEP
12288:+3copox4TQJRw04grHB+MkWotBgbPoPgn80pdKQ1VUF+UoNoeApXL4fMxZr:7e/WRw0Rd+MhwB+Qk97rN9+eApEfS
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-