General
-
Target
d0bc3072a017d0530371c3a263e32b0db3eebffcc7c4099d2678d39ee26a73a7
-
Size
1.2MB
-
Sample
250114-bpmplasnfz
-
MD5
a21f1b0246976d5217a498de945bee79
-
SHA1
b13939d46afc71db2bf7c47ebedd6f3a0b1a0d44
-
SHA256
d0bc3072a017d0530371c3a263e32b0db3eebffcc7c4099d2678d39ee26a73a7
-
SHA512
378ddc6ae5c295896103c05e217c171807b0ce1e9757bc8ba0d973491d3225793378eeccb766b4e5369d053cd4d944d338e5e21f39558e9f7e5222c23420ddda
-
SSDEEP
24576:/J/94IkAJHjv1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:/BugJHFjLoyEkmZ9Y14
Malware Config
Targets
-
-
Target
d0bc3072a017d0530371c3a263e32b0db3eebffcc7c4099d2678d39ee26a73a7
-
Size
1.2MB
-
MD5
a21f1b0246976d5217a498de945bee79
-
SHA1
b13939d46afc71db2bf7c47ebedd6f3a0b1a0d44
-
SHA256
d0bc3072a017d0530371c3a263e32b0db3eebffcc7c4099d2678d39ee26a73a7
-
SHA512
378ddc6ae5c295896103c05e217c171807b0ce1e9757bc8ba0d973491d3225793378eeccb766b4e5369d053cd4d944d338e5e21f39558e9f7e5222c23420ddda
-
SSDEEP
24576:/J/94IkAJHjv1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:/BugJHFjLoyEkmZ9Y14
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-