General
-
Target
04fe2d015154c4ee70417431c1398adfe9b9558430f7e5332de342a5d0465706
-
Size
974KB
-
Sample
231208-cel6rahh7t
-
MD5
1a1b0c2be8ec7528738479cdedc0a952
-
SHA1
d853cc9c15f10df4623e14424c9e23fedfc5550b
-
SHA256
04fe2d015154c4ee70417431c1398adfe9b9558430f7e5332de342a5d0465706
-
SHA512
ef45c4ccd3e710e953f44f2093d7fbaa299629663e0dcd19bff94a0adc404219ed1654d5006331c12acb5dd29f0d0139389181c4682f7edb1e1ad660675ada31
-
SSDEEP
12288:vGXhkZ55wfp+CiLQhFDIZhKAddtdX52x/i512HLT4OH//N:vqK/OxNiEHDIZh7djWx/q12HLsOH9
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6488735902:AAFjq98r8SzTcc0BHWZQiLUk749fQ78ULos/
Targets
-
-
Target
04fe2d015154c4ee70417431c1398adfe9b9558430f7e5332de342a5d0465706
-
Size
974KB
-
MD5
1a1b0c2be8ec7528738479cdedc0a952
-
SHA1
d853cc9c15f10df4623e14424c9e23fedfc5550b
-
SHA256
04fe2d015154c4ee70417431c1398adfe9b9558430f7e5332de342a5d0465706
-
SHA512
ef45c4ccd3e710e953f44f2093d7fbaa299629663e0dcd19bff94a0adc404219ed1654d5006331c12acb5dd29f0d0139389181c4682f7edb1e1ad660675ada31
-
SSDEEP
12288:vGXhkZ55wfp+CiLQhFDIZhKAddtdX52x/i512HLT4OH//N:vqK/OxNiEHDIZh7djWx/q12HLsOH9
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-