General
-
Target
fdfbc9e5ae70e2e3b7be7e90ab1708831d822bbb1887372bf6194713785b460a
-
Size
409KB
-
Sample
231207-dfdrfaaee6
-
MD5
b29dbf6781cc7efeeabe34da55265457
-
SHA1
b6987d4fd67071ed835a00f290ebe1afb31deca7
-
SHA256
fdfbc9e5ae70e2e3b7be7e90ab1708831d822bbb1887372bf6194713785b460a
-
SHA512
6324cc3e9645ad90a6ebf1a21de200a769f1e3bb3987e13241ca9bc8578c9812f68747d06b0ef7a2e95d8d174e9f72c409ad91313db04874d4c5779da4a2719b
-
SSDEEP
12288:Dqp2AAmJGMxHKuvrKYEI/GaAnZ5gJiTSWnwWoXah3H:DzXbM9vrKW/GaAnMIT3wWoi3H
Malware Config
Targets
-
-
Target
fdfbc9e5ae70e2e3b7be7e90ab1708831d822bbb1887372bf6194713785b460a
-
Size
409KB
-
MD5
b29dbf6781cc7efeeabe34da55265457
-
SHA1
b6987d4fd67071ed835a00f290ebe1afb31deca7
-
SHA256
fdfbc9e5ae70e2e3b7be7e90ab1708831d822bbb1887372bf6194713785b460a
-
SHA512
6324cc3e9645ad90a6ebf1a21de200a769f1e3bb3987e13241ca9bc8578c9812f68747d06b0ef7a2e95d8d174e9f72c409ad91313db04874d4c5779da4a2719b
-
SSDEEP
12288:Dqp2AAmJGMxHKuvrKYEI/GaAnZ5gJiTSWnwWoXah3H:DzXbM9vrKW/GaAnMIT3wWoi3H
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-