General
-
Target
f35031dad7ad42ea6ea2fa3759b9d30f25d2f2c538bb41b7a141882bccad7016
-
Size
588KB
-
Sample
231207-bjk9ksaad3
-
MD5
1798698abf363fd83df2ee7c88591afd
-
SHA1
c8fb4e10db9391ba47c48cc290b48b79d0913b32
-
SHA256
f35031dad7ad42ea6ea2fa3759b9d30f25d2f2c538bb41b7a141882bccad7016
-
SHA512
5a980e86639fa27cd98edfdd484d2fde03b9ecaf773ca95daa8c708bd246cead8e560222bd2322e1ced0d632dd3c805765d0cee0f646d4e72037dffc4a1d8a8a
-
SSDEEP
12288:GxPgUrdp0oGxDlerc40j5m2AzvccCFGWFOwViPIRO:OvuosW0N3Y5YNU9
Malware Config
Targets
-
-
Target
f35031dad7ad42ea6ea2fa3759b9d30f25d2f2c538bb41b7a141882bccad7016
-
Size
588KB
-
MD5
1798698abf363fd83df2ee7c88591afd
-
SHA1
c8fb4e10db9391ba47c48cc290b48b79d0913b32
-
SHA256
f35031dad7ad42ea6ea2fa3759b9d30f25d2f2c538bb41b7a141882bccad7016
-
SHA512
5a980e86639fa27cd98edfdd484d2fde03b9ecaf773ca95daa8c708bd246cead8e560222bd2322e1ced0d632dd3c805765d0cee0f646d4e72037dffc4a1d8a8a
-
SSDEEP
12288:GxPgUrdp0oGxDlerc40j5m2AzvccCFGWFOwViPIRO:OvuosW0N3Y5YNU9
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-