General
-
Target
a7059e45ebb9d1f31858232b07857da943cd75c8689da5a475ca8d54293df7b0
-
Size
982KB
-
Sample
250114-br2ljavnhk
-
MD5
f1223e61e7123b96e3d7ac919c32f985
-
SHA1
98db85562644048cd37596ca66d2b9d8035410c0
-
SHA256
a7059e45ebb9d1f31858232b07857da943cd75c8689da5a475ca8d54293df7b0
-
SHA512
3f73233e25d1f8bd7cae75a11b3913429928a492ed087fe685e249799f7f9812a7258bf25f16adfc628f42ee6f68e53278159bc571bd94c85094ce9c58f7d420
-
SSDEEP
12288:V5I0wXiC25YyzNTeO43a9pTpDXSu3LfH30xXgDFiZYKdD+o:XV1wab1DCkowDFi3D+o
Malware Config
Targets
-
-
Target
a7059e45ebb9d1f31858232b07857da943cd75c8689da5a475ca8d54293df7b0
-
Size
982KB
-
MD5
f1223e61e7123b96e3d7ac919c32f985
-
SHA1
98db85562644048cd37596ca66d2b9d8035410c0
-
SHA256
a7059e45ebb9d1f31858232b07857da943cd75c8689da5a475ca8d54293df7b0
-
SHA512
3f73233e25d1f8bd7cae75a11b3913429928a492ed087fe685e249799f7f9812a7258bf25f16adfc628f42ee6f68e53278159bc571bd94c85094ce9c58f7d420
-
SSDEEP
12288:V5I0wXiC25YyzNTeO43a9pTpDXSu3LfH30xXgDFiZYKdD+o:XV1wab1DCkowDFi3D+o
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
System Binary Proxy Execution: InstallUtil
Abuse InstallUtil to proxy execution of malicious code.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-