General
-
Target
c21744a4787152b09fdfd6d0d282350ddb7ebe26824021dec573cffa55836fbd
-
Size
705KB
-
Sample
231206-epzwpsbb29
-
MD5
3514fd802a8f305acfb85b709aa86074
-
SHA1
0fe469e5b42bb192ab9eb9f3c4c66b901c8a185d
-
SHA256
c21744a4787152b09fdfd6d0d282350ddb7ebe26824021dec573cffa55836fbd
-
SHA512
e90db7f86bce0bf7e306ff3574ff36d632e341803178daf643eaf8d4c4ecd8dcf7b3f18bec119a0020e37f10cc3b72bcff5d15746a41b079ebfc0154da6d82df
-
SSDEEP
12288:k847RD9Zvao1GCfnMUakzBBfhDzLcB89zNeU//6xglKe2WmaEPiEyR028h:k8S9FavCfMBYBxzLcBWzNew/6xg7EV2o
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1180973542540595330/m_7J6uu_CMPrtrs2YMplijNrEiqTgPX6W-unyecPj4ZytCZyLySJdPC12_vkfdwQicTt
Targets
-
-
Target
23343100IM00270839_Dekont1.exe
-
Size
1.1MB
-
MD5
9d30f25b8c61a1736d7296f65b5ddba0
-
SHA1
6c5cf22f6f581e278109b7aa79af945835dcb490
-
SHA256
f0a807ee5a09035670ebd38dd8dcb584f9af0f51f3ae072791f61db7766d6689
-
SHA512
c87dc3b875758ce744ee2f6a57c8e859898bcca86bc47e5a357df1609ecf31cb709b52246ef019d69ee3a1b0ae12a98d9d132423fb0826b14408d73a766507a6
-
SSDEEP
24576:11bPKtD/61IyUiFBKL4eryD2Tfckv4B/:W6KyzBKLzbfczJ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-