General
-
Target
73629041ba21eac0612891fa373454497871b1dddf5bf0c6f1600a09e406674f
-
Size
4.3MB
-
Sample
240329-brvszsdg7t
-
MD5
609ca9e45fae3c8ec391bc6f29d816c0
-
SHA1
7ca79f97289527a7ceac7187d76f15b58b2bcc97
-
SHA256
73629041ba21eac0612891fa373454497871b1dddf5bf0c6f1600a09e406674f
-
SHA512
d74b0fbd7af81e052a0b9ca68776e85b95522e18618ef53ba326bdad90d82043bfc566a547526c0f771ecb50f36ac41c4ea7a581196578e37887921bad951a6f
-
SSDEEP
49152:dKFvwrMy8gTdybhb8jwyX88OaU9LsI67gFQJqXTzs+q5X9dr8/:lvy1Q8aU9LxUBj4/
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6971578934:AAF5v308yK27D7O9hOaTd8yPwpZGC0RMoTA/
Targets
-
-
Target
73629041ba21eac0612891fa373454497871b1dddf5bf0c6f1600a09e406674f
-
Size
4.3MB
-
MD5
609ca9e45fae3c8ec391bc6f29d816c0
-
SHA1
7ca79f97289527a7ceac7187d76f15b58b2bcc97
-
SHA256
73629041ba21eac0612891fa373454497871b1dddf5bf0c6f1600a09e406674f
-
SHA512
d74b0fbd7af81e052a0b9ca68776e85b95522e18618ef53ba326bdad90d82043bfc566a547526c0f771ecb50f36ac41c4ea7a581196578e37887921bad951a6f
-
SSDEEP
49152:dKFvwrMy8gTdybhb8jwyX88OaU9LsI67gFQJqXTzs+q5X9dr8/:lvy1Q8aU9LxUBj4/
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-