General
-
Target
ORDER2006825PDF.bat
-
Size
329KB
-
Sample
200713-56w37n8gyj
-
MD5
eb441a7f4ae42f3c61d90fe6c1f52a37
-
SHA1
845d56c017fbf48356ec10688dbd56dcf0104d4f
-
SHA256
6af0d9e7f7aaaa03a685b4fa6e003b55ded357d4d35874f98b8deaafbae7f2b1
-
SHA512
d598a660dda08ef3b428688cf03cb921324fe4118e3bfb055fefd825e91b92fa715f1ec0b6850fc14d55c4155cb68b4060d0b92422df7f3dbf30c8f2a0e752e3
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
webmail.saritatravels.com - Port:
587 - Username:
[email protected] - Password:
sameerb%$321
Extracted
Protocol: smtp- Host:
webmail.saritatravels.com - Port:
587 - Username:
[email protected] - Password:
sameerb%$321
Targets
-
-
Target
ORDER2006825PDF.bat
-
Size
329KB
-
MD5
eb441a7f4ae42f3c61d90fe6c1f52a37
-
SHA1
845d56c017fbf48356ec10688dbd56dcf0104d4f
-
SHA256
6af0d9e7f7aaaa03a685b4fa6e003b55ded357d4d35874f98b8deaafbae7f2b1
-
SHA512
d598a660dda08ef3b428688cf03cb921324fe4118e3bfb055fefd825e91b92fa715f1ec0b6850fc14d55c4155cb68b4060d0b92422df7f3dbf30c8f2a0e752e3
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-