General
-
Target
Fizetesi felszolitas.tgz
-
Size
837KB
-
Sample
210118-awganmw5js
-
MD5
54126d3ae8111eb06fe32bd68b18c42a
-
SHA1
8d8b9862874a74b64cb2c0ba742df3b99e1acade
-
SHA256
8e1ef1624b46c494654f11f3ee21a6f5e12e6c6d8e11d452df2c0bb340033ebe
-
SHA512
590a1ccef5d8684f089512fac6bc1c08645990173a7220b5d1130af9318eb4bcd0d6c0431266b9f32440502609c1dd4fe77eb93c55a87c0f3329424f7675e706
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.1and1.es - Port:
587 - Username:
catalinafuster@palmaprocura.com - Password:
CATALINA12345
Targets
-
-
Target
Fizetesi felszolitas.exe
-
Size
1.1MB
-
MD5
0f9bb0af0b6b523da4d4bd6cdb4369fc
-
SHA1
ecd387955873b7cf8a915225e895468901c680e0
-
SHA256
9051a47cbd6a5345fdc23e7e28b6c432a2cb5500540840fa1a9715f63d4506a7
-
SHA512
54dd4663cd1879f666c2720b4e86c9776b6bfc3cd608351f8a1dd00c07cd691e6ff2c66da1530347c788249bf17eb9af7a220de19a315f4cf1ab5eebab1c2060
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-