General
Target: Original Shipping documents .pdf.exe
Size: 497KB
Sample: 200716-kbvg8bppxx
MD5: b4c970d02853627e0895a727572788c7
SHA1: 78c71acc984005bb0f7db63180dd3b3fa9673abb
SHA256: 7d55b0a9f323550b53b9bed20b938959163a3ab02b995a6d84d5e4b0145febb7
SHA512: 3f71519f1c105b49c538dd7b37e22207765c233809999eed8f786d834b023d85974d4fd4ba370e19f5843eefc454c5a88149985dacf9fee878315a41d3c7cc35
Static task: static1
Behavioral task: behavioral1 (Sample: Original Shipping documents .pdf.exe; Resource: win7)
Behavioral task: behavioral2 (Sample: Original Shipping documents .pdf.exe; Resource: win10v200430)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: kingmoney12345
This is the exfiltration channel, not a download URL: the stealer authenticates to the attacker's mailbox on the SMTP submission port with the credentials embedded in the binary and mails out the harvested data, so the recoverable indicators are the destination host and port rather than payload content.
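The extracted configuration turns directly into a network detection. The following is an added example, not part of the sandbox report: it runs a small classifier over constructed firewall-style connection log lines, flagging the exact C2 host/port from the config as well as any workstation speaking SMTP to a relay that is not on an (assumed, hypothetical) allow-list of internal mail servers. The log format, source addresses and the relay allow-list are all constructed for illustration.

```python
"""Flag AgentTesla-style SMTP exfiltration in outbound connection logs.

Added example; not code from the sandbox report. The log format, hosts,
source addresses and the MAIL_RELAYS allow-list are constructed.
"""
import re
from collections import namedtuple

# C2 values from the report's extracted configuration.
C2_HOST = "smtp.yandex.ru"
C2_PORT = 587

# SMTP submission/relay ports. A workstation normally has no reason to
# open these directly to an external host; mail goes through the relay.
SMTP_PORTS = {25, 465, 587}

# Hypothetical allow-list of internal mail relays permitted to speak SMTP.
MAIL_RELAYS = {"10.0.0.25"}

Event = namedtuple("Event", "ts src dst_host dst_port")

# Constructed sample log lines: "<timestamp> <src ip> <dst host>:<dst port>"
SAMPLE_LOG = """\
2020-07-16T10:01:02Z 10.0.5.17 smtp.yandex.ru:587
2020-07-16T10:01:05Z 10.0.5.17 www.example.com:443
2020-07-16T10:02:11Z 10.0.0.25 smtp.yandex.ru:587
2020-07-16T10:03:40Z 10.0.5.42 mail.contoso.example:25
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+):(\d+)$")


def parse_log(text):
    """Parse the constructed log format into Event tuples, skipping junk lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, host, port = m.groups()
        events.append(Event(ts, src, host, int(port)))
    return events


def classify(ev):
    """Return 'c2' for the exact configured endpoint, 'suspicious-smtp' for any
    other SMTP connection from a non-relay host, or None if benign."""
    if ev.src in MAIL_RELAYS:
        return None  # the relay is expected to talk SMTP upstream
    if ev.dst_host == C2_HOST and ev.dst_port == C2_PORT:
        return "c2"
    if ev.dst_port in SMTP_PORTS:
        return "suspicious-smtp"
    return None


def find_exfil(text):
    """Return (src, dst_host, dst_port, verdict) for every flagged event."""
    hits = []
    for ev in parse_log(text):
        verdict = classify(ev)
        if verdict:
            hits.append((ev.src, ev.dst_host, ev.dst_port, verdict))
    return hits


if __name__ == "__main__":
    for hit in find_exfil(SAMPLE_LOG):
        print(*hit)
```

Because smtp.yandex.ru is a legitimate public mail service, the host alone is a noisy block indicator; the useful signal is the combination of a non-mail-server source and an SMTP port, with the configured host/port as a high-confidence match on top. Since port 587 normally carries STARTTLS, the message body will not be visible to inspection, which is why the rule keys on the connection metadata.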
Targets
Target: Original Shipping documents .pdf.exe (497KB; MD5/SHA1/SHA256/SHA512 as listed under General above)
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET, that harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP.
AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext: on its own this API call is not malicious, but in a stealer of this family it typically marks a process-hollowing (RunPE) loader stage, in which a suspended process has its image replaced and its main thread's context is redirected to the injected entry point before the thread is resumed.
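The three "Reads ..." signatures above are file-access patterns, and the same logic can be applied to endpoint telemetry outside the sandbox. The following is an added example, not part of the report: it maps constructed file-read events (process image, path) onto the report's signature names using well-known credential-store locations, ignores the applications that legitimately own those stores, and scores a process by how many distinct credential-store categories it touched. The event format, the example paths and the owner allow-list are assumptions made for illustration.

```python
"""Classify credential-store reads the way the sandbox signatures do.

Added example; not code from the sandbox report. The event format, the
sample events and the OWNERS allow-list are constructed for illustration.
"""
import re
from collections import Counter

# Path patterns (matched case-insensitively against Windows paths), grouped
# by the report's signature names. These are common client storage locations
# and would be extended per estate.
SIGNATURES = {
    "Reads data files stored by FTP clients": [
        r"\\FileZilla\\sitemanager\.xml$",
        r"\\FileZilla\\recentservers\.xml$",
    ],
    "Reads user/profile data of local email clients": [
        r"\\Thunderbird\\Profiles\\",
        r"\\Microsoft\\Outlook\\",
    ],
    "Reads user/profile data of web browsers": [
        r"\\Google\\Chrome\\User Data\\.*\\Login Data$",
        r"\\Mozilla\\Firefox\\Profiles\\.*\\logins\.json$",
    ],
}
COMPILED = {name: [re.compile(p, re.I) for p in pats]
            for name, pats in SIGNATURES.items()}

# Applications expected to read their own stores (hypothetical allow-list).
OWNERS = {"chrome.exe", "firefox.exe", "filezilla.exe", "thunderbird.exe"}

# Constructed file-read events: (process image name, path). Not from the report.
SAMPLE_EVENTS = [
    ("Original Shipping documents .pdf.exe",
     r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("Original Shipping documents .pdf.exe",
     r"C:\Users\u\AppData\Roaming\Thunderbird\Profiles\abcd.default\key4.db"),
    ("Original Shipping documents .pdf.exe",
     r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("chrome.exe",
     r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("Original Shipping documents .pdf.exe",
     r"C:\Windows\System32\kernel32.dll"),
]


def match_signature(path):
    """Return the signature name whose patterns match the path, else None."""
    for name, pats in COMPILED.items():
        if any(p.search(path) for p in pats):
            return name
    return None


def triage(events):
    """Return {process: Counter(signature -> hits)} for non-owner processes."""
    hits = {}
    for image, path in events:
        if image.lower() in OWNERS:
            continue  # the owning application reading its own store is expected
        sig = match_signature(path)
        if sig:
            hits.setdefault(image, Counter())[sig] += 1
    return hits


def score(events):
    """Number of distinct credential-store categories touched per process.
    One category can be an odd backup job; several from one unknown binary
    is the stealer pattern the report's signatures describe."""
    return {image: len(counts) for image, counts in triage(events).items()}


if __name__ == "__main__":
    for image, counts in triage(SAMPLE_EVENTS).items():
        print(image, dict(counts))
    print(score(SAMPLE_EVENTS))
```

The allow-list by image name is deliberately weak: a stealer injected into chrome.exe (compare the SetThreadContext signature above) would pass it, so in production this check is combined with process ancestry and signer information rather than used alone.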