General
-
Target
3b8974abc5bd12b5dc5c5438f83f262ba8c4c01efcee9a95932d98b8817a35cb
-
Size
587KB
-
Sample
231209-cfm5faffd2
-
MD5
62bcb2a5e85045733c1317675ede5529
-
SHA1
07f5e3a4d0ae03182b7553d1bb5af738624745d7
-
SHA256
3b8974abc5bd12b5dc5c5438f83f262ba8c4c01efcee9a95932d98b8817a35cb
-
SHA512
25904446bfa10fb0c5194250d71c86a6045f5ed1f3882d224b1933644d8e09ddbaec773fb890c298edb527c778ec7f538d021691475dfae6b0b0846eaf43329f
-
SSDEEP
12288:GxPgUrdBpK8vNhdyzpeG6MqgsrUWaCX0uvSGF:Ov/vNhMqd/Sk
Malware Config
Targets
-
-
Target
3b8974abc5bd12b5dc5c5438f83f262ba8c4c01efcee9a95932d98b8817a35cb
-
Size
587KB
-
MD5
62bcb2a5e85045733c1317675ede5529
-
SHA1
07f5e3a4d0ae03182b7553d1bb5af738624745d7
-
SHA256
3b8974abc5bd12b5dc5c5438f83f262ba8c4c01efcee9a95932d98b8817a35cb
-
SHA512
25904446bfa10fb0c5194250d71c86a6045f5ed1f3882d224b1933644d8e09ddbaec773fb890c298edb527c778ec7f538d021691475dfae6b0b0846eaf43329f
-
SSDEEP
12288:GxPgUrdBpK8vNhdyzpeG6MqgsrUWaCX0uvSGF:Ov/vNhMqd/Sk
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-