General
-
Target
02be2ba38f47bf58b12515c739d36d435783687e9fc5d5933043bcc2481064c3
-
Size
1.2MB
-
Sample
231208-c5hagsgg79
-
MD5
24ea839175f2a4b5fd4779000b869421
-
SHA1
757c623bc09b2f57b9e5b6b58bfc40c6e9645f31
-
SHA256
02be2ba38f47bf58b12515c739d36d435783687e9fc5d5933043bcc2481064c3
-
SHA512
42d7040057384c40b9aee75ca689d18367e0e983316bf6ba0138d03e62994d6f452bb6abe1c9f0cffac04c82dcebc7cf06ee08440ac0bf29ecc2aa7115611a6c
-
SSDEEP
96:5AT6dh/TUJQHQ7RqdYt7lrZIjG6DSfA/dgwo/pf8Bhrt0ozNt:aT5OQRz7ZZI9Sf8gw+pUfrKq
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6414995176:AAGuFTS3tKhdeIu6sCNhCNw8cv7vkPJh1TQ/
Targets
-
-
Target
Our Inquiry_RFQ Details_Heap lee chan Trading_Pdf.bat
-
Size
5KB
-
MD5
307250be963257c7e18a3252e4bd74d4
-
SHA1
568d3fd58dfbd7140aae6a7840460b343c83c13f
-
SHA256
9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6
-
SHA512
71bbc3c7013730683d33c594613dc831c337ca0298975f42705e92afeb2c34b78b166820f4f4b05480f4673c626d0f81c40372090627a76562454e1a8fade484
-
SSDEEP
48:6Qi+hmUGDJrNHIjfe6DSfAEnwgKgwoWz6Ao/CIjfdUhLQIfhsFwQpsVtiOlSDqFQ:G7lrZIjG6DSfA/dgwo/pf8Bhrt0ozNt
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-