General
-
Target
9823f7e948183b00c21118b449928b13.zip
-
Size
371KB
-
Sample
240903-dfbl3svgjl
-
MD5
2231e15d2b63b46e75a1a85b55da48d6
-
SHA1
b541db1ef97bf8ed7a7dcf358540b9f4f4dc4a68
-
SHA256
c95f84fa4e68113e4a7bd145689abcea0a49cdeab50efa14c7ef0242721f0a59
-
SHA512
0a1a780eab356a47a20e77d0fa71aaf83a55825debc2c5df5d13cfe7f5e9f565f261c18bd99da9ea728b6183ccc3e31b7ea2a1b5ee6a7b58df95a09f5ecd6e10
-
SSDEEP
6144:ELoy3+b8v9LJ3mB9PDEroPFeyBkRC5KcjKlaYVg2fRlcloKvK5Z39HwRIDjwZ3m7:NyObo9LwPDErodlbY6YVgkfKIZ39QRIr
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1842959733:AAFY3p5rwdG6JV0Y6_CQjuDBIdfxG4yDKKA/sendDocument
Targets
-
-
Target
cd778d0104c736ba30345dd9563b44ef91af6e67e220c82bce341148fd3a486a
-
Size
402KB
-
MD5
9823f7e948183b00c21118b449928b13
-
SHA1
3cc0a60deb05754df077d61cfd3686dbf22aaae7
-
SHA256
cd778d0104c736ba30345dd9563b44ef91af6e67e220c82bce341148fd3a486a
-
SHA512
3bcb625f108ecedc29bd87bbcced8ebae8c6ba5e54ef14cfd0756b4f161e09aa03dcf2c17f460c8165889b9dcc9bba23ae497494c21122b56498abc9455df5be
-
SSDEEP
6144:kTIsqMJytt5RxiGMByZk1YjSn1bojcLv8DIW6myoN3+K2DGH8LA5AsXnY:8ZqMoYmj8bosnBmv+ZZLmAso
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-