General
-
Target
29032024_2123_Halyk Bank_ Tolem Twrali Kenes_Pdf.img
-
Size
1.2MB
-
Sample
240329-qm6r1sab58
-
MD5
7bbced0358bf5943c4bd0954557a8fe2
-
SHA1
5c6a8cc0ebe5cb616cec747126825cfdd755b593
-
SHA256
13ff16760c59886e2ba0482698b1d7175ef6e3ea835547ff86012d0b8ee44a10
-
SHA512
8c6d4b498686098b4bd835eeca898e5e78c06ca7ade99ff96dcd82dfb77c456b8d0b235815e70f3bf785d527dec4f2c1f5d626b412b983a60ec3c68093d3e28d
-
SSDEEP
6144:AjW336BOnM31jn8RFPyOqpthgQL2iGcUfMceJyiZ1QKzb:UZOnMx2yOKoQL2iGzMfDr9zb
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7098200832:AAF77S_bIwCn618TniqrUKxOVzgrBRiJXHQ/
Targets
-
-
Target
Halyk Bank_ Tolem Twrali Kenes_Pdf.bat
-
Size
225KB
-
MD5
e340bf4da764936b7d2cd406c0e07878
-
SHA1
15b7cf03af6e3d20fa4a5e7a33309187953cdb2f
-
SHA256
9aecf3ebcbe1a93fa0b6bad4f4aa638c9d987c022abbe52406bc0066a00e448e
-
SHA512
39f21461214857ca6e9b9df28528316a4a43d080564bfa57513578e575fb3dafe9a6882aa85c03872eb0b11722c660d457dfedf2927407b882194995bb33dcf2
-
SSDEEP
6144:PW336BOnM31jn8RFPyOqpthgQL2iGcUfMceJyiZ1QKzbA:PZOnMx2yOKoQL2iGzMfDr9zbA
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Drops startup file
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-