General
-
Target
3e2f931e05a98dae448e6f47833debfc.exe
-
Size
60KB
-
Sample
210421-gjwyxjsew2
-
MD5
3e2f931e05a98dae448e6f47833debfc
-
SHA1
801b4031489554caa54648789284c8066da0c23c
-
SHA256
320c5b4c869e9f7905fbad7dc8d58415d105c8fc5b7d7389cc14cd62c8ebd385
-
SHA512
e2aee588eaea897e27f1d834e5295df07010ebb8401208b9d2b4f0aca4f2404609eaed67d7e08e6b3bd82dc4198cf45172713f0d778c1bcd3e50e53ae478ff51
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
hisensetech.ml - Port:
587 - Username:
maxlog@hisensetech.ml - Password:
7213575aceACE@#$
Targets
-
-
Target
3e2f931e05a98dae448e6f47833debfc.exe
-
Size
60KB
-
MD5
3e2f931e05a98dae448e6f47833debfc
-
SHA1
801b4031489554caa54648789284c8066da0c23c
-
SHA256
320c5b4c869e9f7905fbad7dc8d58415d105c8fc5b7d7389cc14cd62c8ebd385
-
SHA512
e2aee588eaea897e27f1d834e5295df07010ebb8401208b9d2b4f0aca4f2404609eaed67d7e08e6b3bd82dc4198cf45172713f0d778c1bcd3e50e53ae478ff51
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-