Rewterz Threat Alert – Qakbot aka Pinkslipbot or Qbot Malware – Active IOCs
February 10, 2023
Rewterz Threat Alert – Amadey Botnet – Active IOCs
February 11, 2023
Severity
Medium
Analysis Summary
Agent Tesla is a widely used spyware Trojan written for the .NET framework. Since its first appearance in 2014 it has been distributed in many forms, most notably through phishing campaigns. It is known for stealing data from a range of applications on the victim's workstation, including web browsers, FTP clients, and file downloaders. It also harvests the contents of the victim's clipboard, logs keystrokes, captures screenshots, and can access the webcam. It is able to terminate running analysis tools and anti-virus processes, and, to hide its capabilities and activity from researchers, it performs simple checks for a virtual machine or an attached debugger before carrying out its main functions.
Impact
- Sensitive Data Theft
- Credentials Theft
Indicators of Compromise
MD5
- cc0f7456722f7042f1a061ada45452b1
- 0380a43dfc0b4a8bc851e4ce234bc6d6
- 5781bb7704a8ff56c92820b8723b3da7
- 2de6a24eb999a6937a781b8e0d660e9b
SHA-256
- 8a2baea019bf241e2808da9cef1595f50bb33c2ac4de23f74e0612bb96a6c251
- 3cb0643820510de72c67577af670b38c107df818d479c6e9d31886af623a3c70
- d663f91f70eb6da5e8cb4300513b546abb1c05e0fed2bdfa9d201368cffc1bc7
- 2d575b6789caae97f978f26b7e43088e3c72178d1e33e565e97bd6ccc6d4dc94
SHA-1
- 7a7982f41c376c4576ddf55ea39e399cab397f33
- 03149ac75497382a14139933ab4f435ba3976ebe
- 18a25a6fc910cf0913e4d9a0788e36695c81d809
- fbf91e1e2c1bba80df2c70de7589d90b348fcf39
Remediation
- Block all listed threat indicators at your respective security controls.
- Search your environment for the listed IOCs.
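The hash-based sweep that the second remediation step calls for, written out as an added example (this is not Rewterz tooling and is not part of the original alert). The hash sets are copied from the IOC section above; the scan root, the function names and the chunk size are this example's own choices. The index builder rejects malformed hashes so a copy-paste error in the IOC list is caught before a sweep silently matches nothing, and the walker skips symlinks and unreadable files rather than aborting part-way through a large tree.

```python
"""Sweep a directory tree for files whose MD5, SHA-1 or SHA-256 digest
matches one of the Agent Tesla IOCs listed in this alert.

Added example for this page; not Rewterz tooling.
"""
import hashlib
import itertools
import os
import sys

# Hashes copied from the IOC section of the alert (lowercase hex).
MD5_IOCS = {
    "cc0f7456722f7042f1a061ada45452b1",
    "0380a43dfc0b4a8bc851e4ce234bc6d6",
    "5781bb7704a8ff56c92820b8723b3da7",
    "2de6a24eb999a6937a781b8e0d660e9b",
}
SHA1_IOCS = {
    "7a7982f41c376c4576ddf55ea39e399cab397f33",
    "03149ac75497382a14139933ab4f435ba3976ebe",
    "18a25a6fc910cf0913e4d9a0788e36695c81d809",
    "fbf91e1e2c1bba80df2c70de7589d90b348fcf39",
}
SHA256_IOCS = {
    "8a2baea019bf241e2808da9cef1595f50bb33c2ac4de23f74e0612bb96a6c251",
    "3cb0643820510de72c67577af670b38c107df818d479c6e9d31886af623a3c70",
    "d663f91f70eb6da5e8cb4300513b546abb1c05e0fed2bdfa9d201368cffc1bc7",
    "2d575b6789caae97f978f26b7e43088e3c72178d1e33e565e97bd6ccc6d4dc94",
}

# Hex-digest length identifies the algorithm a hash belongs to.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_DIGITS = set("0123456789abcdef")


def build_ioc_index(*hash_sets):
    """Merge hash sets into one {hash: algorithm} dict.

    Normalises case and refuses anything that is not a 32/40/64-character
    hex string, so a typo in an IOC list fails loudly instead of never matching.
    """
    index = {}
    for h in itertools.chain.from_iterable(hash_sets):
        h = h.strip().lower()
        if len(h) not in HASH_LENGTHS or not set(h) <= HEX_DIGITS:
            raise ValueError(f"malformed hash: {h!r}")
        index[h] = HASH_LENGTHS[len(h)]
    return index


def hash_file(path, chunk_size=1 << 20):
    """Return {'md5':..., 'sha1':..., 'sha256':...} for one file.

    The file is read in chunks (1 MiB by default, an arbitrary choice) so
    large binaries do not have to be loaded into memory in one go.
    """
    digests = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def scan_tree(root, ioc_index):
    """Walk `root` and return [(path, algorithm, hash)] for every file whose
    digest appears in `ioc_index`.

    Symlinks are not followed (to avoid loops and scanning outside `root`)
    and unreadable files are skipped so one permission error does not end
    the sweep.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo, value in digests.items():
                if ioc_index.get(value) == algo:
                    hits.append((path, algo, value))
    return hits


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    iocs = build_ioc_index(MD5_IOCS, SHA1_IOCS, SHA256_IOCS)
    for hit_path, hit_algo, hit_value in scan_tree(scan_root, iocs):
        print(f"MATCH {hit_algo} {hit_value} {hit_path}")
```

Run it as `python sweep.py /path/to/scan`; each match is printed as one line so the output can be fed to whatever ticketing or SIEM pipeline you use. Hash matching only finds the exact samples listed here; a repacked Agent Tesla build will have different digests, so treat a clean sweep as "these specific samples are absent", not as proof the host is uninfected.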