General
-
Target
a573fef04d3e3afefd879c021bc35636fea5bca4a9cbd8bc14329916c0f36c25
-
Size
642KB
-
Sample
231213-b6tjgaechp
-
MD5
a15d5ae3669199a90d2f3a3192d7a4a9
-
SHA1
0480c7b833d3bc9792ad7484fffe0a6873809e1f
-
SHA256
a573fef04d3e3afefd879c021bc35636fea5bca4a9cbd8bc14329916c0f36c25
-
SHA512
927b07abef62984f53db68236301974b8cba5c076ed0b2fcc2a453a4ba51c45b20b34950f17d7bba02cd68eb07a9b09cc8472f0220b80277c60fd0747c50b759
-
SSDEEP
12288:SYitwbtwoZV2JnUj9Pz9U1e/a3dKY9jz4zX+olfm6LFlMXnYaeM5W4Wn8GHlA:ntBZKnUj9rC1Qatv8zXHdLDMXpV5W4Wa
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6951347694:AAFNQsyUSI3cANPz4_GPvhuwkgXsMAsB41o/
Targets
-
-
Target
200-8888-000000-111111-99999-0909.exe
-
Size
674KB
-
MD5
28c00635cfc915ef65aa9ae781b3ba29
-
SHA1
f7ca0c543bd26d970ad8d79b5d04260db00da862
-
SHA256
dec9e3d82728245f93f270ca561bc1328e7fc64c2da9dc4d07033070262ce7c1
-
SHA512
b492f4d738c3c70fbab11dfe546bada4ce80126893bf5987565fe78f2ef391a515102cca2939f17f67025fdcfea09fbe4cf0c387430ad1a688214ee57c578102
-
SSDEEP
12288:8r6Gu+4WpAEFy7NyoZDUx8939KO7KYL4Ggwz4zX++lrmmLFx8XnYaeM1Zq9dg8+C:Y1pAEgZo+9tH7l4GZ8zXDvLb8XpV/+dU
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-