General
-
Target
DINTEC Order 28012021.exe
-
Size
1.1MB
-
Sample
210129-t4g877mq9s
-
MD5
16a00e358736ae0bf135aec278aee516
-
SHA1
e23a6de31dcefda3d84fcd8b0122f33c1a726249
-
SHA256
bd89f6e2794f0c383ca15b99c53a28d6b527be58ec713efcafff4f0db21959f9
-
SHA512
62818848086b033eed1d1f43a133ae66e6da4d23b3d99b32ab5410d33f52f978c12ab84d231b461fd4249f086ce955c0a3d67d5eec325a9dd4c3ad7667f9a27a
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.vivaldi.net - Port:
587 - Username:
[email protected] - Password:
Grace@331011Thinck
Targets
-
-
Target
DINTEC Order 28012021.exe
-
Size
1.1MB
-
MD5
16a00e358736ae0bf135aec278aee516
-
SHA1
e23a6de31dcefda3d84fcd8b0122f33c1a726249
-
SHA256
bd89f6e2794f0c383ca15b99c53a28d6b527be58ec713efcafff4f0db21959f9
-
SHA512
62818848086b033eed1d1f43a133ae66e6da4d23b3d99b32ab5410d33f52f978c12ab84d231b461fd4249f086ce955c0a3d67d5eec325a9dd4c3ad7667f9a27a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-