General
Target: RFQ.pdf.exe
Size: 1.1MB
Sample: 200715-3l3m2j33fe
MD5: 40ebf8bb674b984b2485616e70581f47
SHA1: 9459e7e5c22744f79477aa0aeea03d628bfb9cc3
SHA256: a56855064cde16356d60565bc667ae8450e8604f66b6c30dfe94c97703e36a96
SHA512: f0a88a5ef1de7bdb76bcf92699e1c6e484adbd4e4642ce705cb5f923feaa3965f5d4be7f52c7a9cec219a4ebe27eb83f62882ebcf066d2cd7ac28c55654a989f
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ.pdf.exe, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: RFQ.pdf.exe, Resource: win10)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: kingmoney12345
Targets
Target: RFQ.pdf.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext