General
-
Target
27e45037b1b654116d2b38935319922820388546c717ace1223236fe37740ee7
-
Size
422KB
-
Sample
231208-bkq68ahg5z
-
MD5
50541c2cd38eed9db2a65faa10fdc877
-
SHA1
432affdf4626871c032cdb0d0432c9c91897df5b
-
SHA256
27e45037b1b654116d2b38935319922820388546c717ace1223236fe37740ee7
-
SHA512
e8ece503b2e96f314b9e480396a93cc3e6af2141488ed92e8bd76c75d6b3a5263ae57b28a09f87847aef238538c0b532eed833d1fdd0dc974cf7fdb6c408d96d
-
SSDEEP
6144:P8LxBgQA9EWGEbktNxLahPW9DOzyAoXYwNF6dGtGW62WYFbNAKw6kOMw:gAVfbMNx+ZhyAoXNievWmvrMw
Malware Config
Targets
-
-
Target
27e45037b1b654116d2b38935319922820388546c717ace1223236fe37740ee7
-
Size
422KB
-
MD5
50541c2cd38eed9db2a65faa10fdc877
-
SHA1
432affdf4626871c032cdb0d0432c9c91897df5b
-
SHA256
27e45037b1b654116d2b38935319922820388546c717ace1223236fe37740ee7
-
SHA512
e8ece503b2e96f314b9e480396a93cc3e6af2141488ed92e8bd76c75d6b3a5263ae57b28a09f87847aef238538c0b532eed833d1fdd0dc974cf7fdb6c408d96d
-
SSDEEP
6144:P8LxBgQA9EWGEbktNxLahPW9DOzyAoXYwNF6dGtGW62WYFbNAKw6kOMw:gAVfbMNx+ZhyAoXNievWmvrMw
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-