General
-
Target
JHbHh87.exe
-
Size
779KB
-
Sample
240912-hx3jcaxdpd
-
MD5
16db9460a6f56523692ac4d59769c09d
-
SHA1
7a3803147ecdc2ca799cf774e5b67747b793c3a5
-
SHA256
6d3a01714c17f25c4391e3b367e96841d18d13f511638cb70d733c88a6699c52
-
SHA512
afe0b9388759ec4eebbd3e80709d30a8b01a0cad183b0100021450fb8135acf28a5eba734eaf5234659f0710b9a910b36bf535edb7dc3b5ecd89d4118a048f81
-
SSDEEP
12288:wRKE9RpGvG6iA7nMGeKaq6IrH+NV39+BT+4PMfdWg8bDdyb55/H12v:4KE0vG+DMGeVviGUTMfdWg88bB
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1102628938297126932/VXo1d4QPT7EK07KTUTuQS7U_mKjmgq8stDCniUJH2kE2FO4XTxFLPNZl3UiI_GL_VhUD
Targets
-
-
Target
JHbHh87.exe
-
Size
779KB
-
MD5
16db9460a6f56523692ac4d59769c09d
-
SHA1
7a3803147ecdc2ca799cf774e5b67747b793c3a5
-
SHA256
6d3a01714c17f25c4391e3b367e96841d18d13f511638cb70d733c88a6699c52
-
SHA512
afe0b9388759ec4eebbd3e80709d30a8b01a0cad183b0100021450fb8135acf28a5eba734eaf5234659f0710b9a910b36bf535edb7dc3b5ecd89d4118a048f81
-
SSDEEP
12288:wRKE9RpGvG6iA7nMGeKaq6IrH+NV39+BT+4PMfdWg8bDdyb55/H12v:4KE0vG+DMGeVviGUTMfdWg88bB
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-