General
-
Target
Price List Request.tgz
-
Size
556KB
-
Sample
210201-vkpm2jb1hj
-
MD5
c04ff88efee99fb8f332fada0ca0a94f
-
SHA1
49588c6b572bdb2516ecade3fd2de238aa5de8e3
-
SHA256
797345c2e1b59a15d8a8cc0cbbe97c3cb8fb488eddd2dc73c6f7251a0e5b726d
-
SHA512
d1b6ae69592ee90ffd77705e20b0da6f4be3e888890be74b79121a1b5a506e21132769840ac189b64f4ab89ed404fe4879375005793c414e0e1fa9abe8eafeb4
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.1and1.es - Port:
587 - Username:
[email protected] - Password:
qWa8u9_2
Targets
-
-
Target
Price List Request.exe
-
Size
747KB
-
MD5
a0a880bf0e7b6a57102308f665457951
-
SHA1
bc6a2232a0dbe7386eb53fa953c4c2c4e3916a9c
-
SHA256
70dc2967e31ccf9f220631b921da2b4eeb67501caffcf691144500978b471e63
-
SHA512
bd38bbbc96724afb1d4b8cbac604a2c08a211bf96d84e4ebbb8ffe4515277de68c7bd317417839d50a23dfb87e5814d380e912781c6b3f6fd60d9f31a0ed079b
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-