General
Target: FedEx-Shipment-8161131174.jar
Size: 1.1MB
Sample: 210126-s34xfhvtye
MD5: 5bc31ca8a6f1a1198a053d6c4d76ce86
SHA1: 705b786bb19612fbddc63bb2cd1d773c7041640f
SHA256: ecf286b6a75ab1e6281afe6db2b68425e5466b4421e5b6b9a3408fd93d530ca0
SHA512: 244db437e3f5464ea792dafcca532a4f35711c3f71c2d7e91121a93c12881bc4d94565fa86fc5f2218606d20f0ec2bc7f802f3422a63838d233adc2b374fba4a
Static task: static1
Behavioral task: behavioral1
  Sample: FedEx-Shipment-8161131174.jar
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: FedEx-Shipment-8161131174.jar
  Resource: win10v20201028
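Added example (not part of the sandbox report): before working from this report, confirm that the file in hand is the sample it describes by recomputing all four digests listed above and comparing them, and list the JAR's archive entries without executing it. The hash values are the ones reported on this page; the demo archive built by make_demo_jar() is constructed here for illustration and says nothing about the real sample's contents.

```python
import hashlib
import io
import zipfile

# Digests as reported on this page for FedEx-Shipment-8161131174.jar.
REPORT_HASHES = {
    "md5": "5bc31ca8a6f1a1198a053d6c4d76ce86",
    "sha1": "705b786bb19612fbddc63bb2cd1d773c7041640f",
    "sha256": "ecf286b6a75ab1e6281afe6db2b68425e5466b4421e5b6b9a3408fd93d530ca0",
    "sha512": "244db437e3f5464ea792dafcca532a4f35711c3f71c2d7e91121a93c12881bc4d"
              "94565fa86fc5f2218606d20f0ec2bc7f802f3422a63838d233adc2b374fba4a",
}


def compute_hashes(data: bytes) -> dict:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match result. A single False means the bytes on disk are
    not the sample this report describes (renamed or re-packed copies happen)."""
    actual = compute_hashes(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def jar_entries(data: bytes) -> list:
    """Entry names of a JAR (a ZIP container), read without running any of it.
    Returns [] when the bytes are not a valid ZIP archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def make_demo_jar() -> bytes:
    """Constructed minimal JAR used only to exercise jar_entries() offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        zf.writestr("Loader.class", b"\xca\xfe\xba\xbe")  # class-file magic only
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    for name, ok in verify_sample(blob).items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'}")
    print("entries:", jar_entries(blob)[:20])
```

Run it as `python verify.py FedEx-Shipment-8161131174.jar`; only a full set of matches means the behavioural findings below apply to the file you have.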
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pexonteam.rs
Port: 587
Username: [email protected]
Password: Mdn7dRsJ[7q}
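Added example (not part of the sandbox report): the extracted SMTP settings are the sample's exfiltration channel, so the host and port above are the network indicators to hunt for. The Python below runs two rules over connection records: an exact match on the extracted mailbox host and port, and a broader rule that flags mail-submission traffic (25/465/587) from workstations to any host that is not an approved relay, which still fires when the next build of the stealer ships a different mailbox. The log format and the sample lines are constructed for this example; the hostname and port come from the config above.

```python
import re

# SMTP exfiltration settings as extracted from the sample in this report.
AGENTTESLA_SMTP_IOC = {"host": "mail.pexonteam.rs", "port": 587}

# Mail submission/relay ports. Workstations normally talk to one approved relay
# on these, so anything else is worth an alert even without a known IOC.
MAIL_PORTS = {25, 465, 587}

# Constructed sample log in a simplified "key=value" connection-log format (assumed
# here, not taken from the report). 10.0.5.17 plays the infected workstation.
SAMPLE_LOG = """\
2021-01-26T10:02:11Z src=10.0.5.17 dst=mail.pexonteam.rs dport=587 proto=tcp
2021-01-26T10:02:12Z src=10.0.5.17 dst=52.96.0.1 dport=443 proto=tcp
2021-01-26T10:02:30Z src=10.0.5.23 dst=smtp.corp.example dport=587 proto=tcp
2021-01-26T10:03:05Z src=10.0.5.17 dst=MAIL.PEXONTEAM.RS dport=587 proto=tcp
garbage line that must be skipped rather than crash the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse_line(line: str):
    """Parse one connection record; None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["dport"] = int(ev["dport"])
    ev["dst"] = ev["dst"].lower()  # hostnames are case-insensitive
    return ev


def find_exfil(log_text: str, ioc=AGENTTESLA_SMTP_IOC, approved_relays=frozenset()):
    """Alerts for (a) exact hits on the extracted C2 mailbox host:port and
    (b) mail-submission traffic to any destination not in approved_relays."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        base = {"ts": ev["ts"], "src": ev["src"], "dst": ev["dst"], "dport": ev["dport"]}
        if ev["dst"] == ioc["host"].lower() and ev["dport"] == ioc["port"]:
            alerts.append({**base, "rule": "agenttesla_smtp_c2"})
        elif ev["dport"] in MAIL_PORTS and ev["dst"] not in approved_relays:
            alerts.append({**base, "rule": "unapproved_mail_submission"})
    return alerts


if __name__ == "__main__":
    for alert in find_exfil(SAMPLE_LOG, approved_relays=frozenset({"smtp.corp.example"})):
        print(alert)
```

With the corporate relay allow-listed, only the two connections from 10.0.5.17 to mail.pexonteam.rs:587 alert; without the allow-list the legitimate relay traffic is reported too, so tune approved_relays before deploying the second rule.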
Targets
Target: FedEx-Shipment-8161131174.jar
Size: 1.1MB
MD5: 5bc31ca8a6f1a1198a053d6c4d76ce86
SHA1: 705b786bb19612fbddc63bb2cd1d773c7041640f
SHA256: ecf286b6a75ab1e6281afe6db2b68425e5466b4421e5b6b9a3408fd93d530ca0
SHA512: 244db437e3f5464ea792dafcca532a4f35711c3f71c2d7e91121a93c12881bc4d94565fa86fc5f2218606d20f0ec2bc7f802f3422a63838d233adc2b374fba4a
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from web browsers, email clients and FTP clients and exfiltrates them over SMTP, FTP or HTTP; the configuration extracted above shows this sample using SMTP.
- AgentTesla Payload
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext
  Setting the execution context of a thread in another process is a common step in process hollowing and other code-injection techniques.
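Added example (not part of the sandbox report): the three "Reads ..." signatures above describe one host-side pattern, a single process opening the on-disk credential stores of several unrelated products. The Python below scores file-read events per process and flags a process that either opens a store it is not the owner of (anything other than filezilla.exe reading FileZilla's site manager, for instance) or harvests across two or more product categories. The store paths are the products' standard default locations; the owner allow-list, the event format and the sample events are constructed for this example and are not taken from the report.

```python
import re
from pathlib import PureWindowsPath

# On-disk credential stores behind the FTP-client, browser and email-client
# signatures. Locations are the products' documented defaults (assumed targets).
CREDENTIAL_STORES = {
    "ftp_client": [r"\\filezilla\\(recentservers|sitemanager)\.xml$"],
    "browser": [
        r"\\google\\chrome\\user data\\[^\\]+\\login data$",
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db)$",
    ],
    "email_client": [r"\\thunderbird\\profiles\\[^\\]+\\(logins\.json|key4\.db)$"],
}

# Processes expected to open each store (assumed allow-list; extend per environment).
OWNERS = {
    "ftp_client": {"filezilla.exe"},
    "browser": {"chrome.exe", "firefox.exe"},
    "email_client": {"thunderbird.exe"},
}

_COMPILED = {cat: [re.compile(p) for p in pats] for cat, pats in CREDENTIAL_STORES.items()}


def classify_path(path: str):
    """Credential-store category a file path belongs to, or None."""
    p = path.replace("/", "\\").lower()
    for cat, pats in _COMPILED.items():
        if any(r.search(p) for r in pats):
            return cat
    return None


# Constructed file-read events (pid, process image, file path), as an EDR or
# Sysmon file-access feed would supply them. pid 4120 plays a dropped executable.
SAMPLE_EVENTS = [
    ("4120", r"C:\Users\bob\AppData\Local\Temp\shipment.exe",
     r"C:\Users\bob\AppData\Roaming\FileZilla\recentservers.xml"),
    ("4120", r"C:\Users\bob\AppData\Local\Temp\shipment.exe",
     r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("4120", r"C:\Users\bob\AppData\Local\Temp\shipment.exe",
     r"C:\Users\bob\AppData\Roaming\Thunderbird\Profiles\x1y2z3.default\logins.json"),
    ("2208", r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     r"C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("3301", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("3301", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\bob\Documents\report.docx"),
]


def analyze_file_reads(events, min_categories=2):
    """Group credential-store reads per process. A process is suspicious when it
    opens a store it does not own ("foreign") or spans min_categories or more."""
    per_pid = {}
    for pid, image, path in events:
        cat = classify_path(path)
        if cat is None:
            continue
        rec = per_pid.setdefault(pid, {
            "image": PureWindowsPath(image).name.lower(),
            "categories": set(),
            "foreign": set(),
        })
        rec["categories"].add(cat)
        if rec["image"] not in OWNERS.get(cat, set()):
            rec["foreign"].add(cat)
    for rec in per_pid.values():
        rec["suspicious"] = bool(rec["foreign"]) or len(rec["categories"]) >= min_categories
    return per_pid


if __name__ == "__main__":
    for pid, rec in analyze_file_reads(SAMPLE_EVENTS).items():
        print(pid, rec["image"], sorted(rec["categories"]), "SUSPICIOUS" if rec["suspicious"] else "ok")
```

Only pid 4120 is flagged: it reads three categories and owns none of them, while filezilla.exe and chrome.exe reading their own stores stay quiet. The "foreign" rule is the one that catches a stealer that targets a single product; the category count catches the multi-product sweep the signatures above describe.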