General
-
Target
Outstanding invoices.exe
-
Size
528KB
-
Sample
210408-9p9897j126
-
MD5
95df4d14a28e363ce70d5d7962427c24
-
SHA1
ffcdfb4eb40d64eb13e50ee13c0ae9a73a9ee8ee
-
SHA256
e9573722d616d444c71e82f1ac6973921f3c942af4403760e0292b3ebf9159b0
-
SHA512
983c7bb6d01ac1729c86fc994ebbb9bb40b1dd1bd27b2ff96d8a32a3b1b547d1fb2fd3e2f24d2b8b5cedb1e10dbb666a6ced71b8d89c94595ed3b46cc8df16e6
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.babcockvalve.com - Port:
587 - Username:
ziara.landa@babcockvalve.com - Password:
hA$ks@%9
Targets
-
-
Target
Outstanding invoices.exe
-
Size
528KB
-
MD5
95df4d14a28e363ce70d5d7962427c24
-
SHA1
ffcdfb4eb40d64eb13e50ee13c0ae9a73a9ee8ee
-
SHA256
e9573722d616d444c71e82f1ac6973921f3c942af4403760e0292b3ebf9159b0
-
SHA512
983c7bb6d01ac1729c86fc994ebbb9bb40b1dd1bd27b2ff96d8a32a3b1b547d1fb2fd3e2f24d2b8b5cedb1e10dbb666a6ced71b8d89c94595ed3b46cc8df16e6
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-