General
Target: TNT Consignmentpdf.gz
Size: 124KB
Sample: 201126-6fl7b2e8aa
MD5: 39bb9663be0118e0e700584ba2573880
SHA1: b16a4cbb6f09e96052898d9d27acb9498dd88349
SHA256: 7b585ea16a4c2a78440f294daa0935cb05e2d6c560fde61bb782e9050b5ac6d3
SHA512: ccb16d57913a6ce760cadfe5b3b4a35faab44d739c66066f854b8c911b50972e89d14a4a91cee759b50b7354ee7e18372db28805f2f4dfbcb3e4b38c46b6ad98
Static task: static1
Behavioral task: behavioral1
Sample: TNT Consignmentpdf.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.flood-protection.org
Port: 587
Username: somc@flood-protection.org
Password: somc2424@
Targets
Target: TNT Consignmentpdf.exe
Size: 227KB
MD5: 38058054ca254844b2dbdf4b8471f5c3
SHA1: 35d717f79fb7e158f8747618e30bdceaf768989e
SHA256: 3c6f594e9413cfee357643ee74744e5e283f7f746de2b139f53e14eb615d609f
SHA512: eb93e96d33239e109bed35f7ec70dc10bfaaa665b54a0c359484ee23d052fdff0c6f4ca8be499ba178dcfca6bf3cd67dc07061e27c66b3d0f55ed17dee7496c0
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext