General
-
Target
2.exe
-
Size
1.2MB
-
Sample
210422-dknljcr4ya
-
MD5
b86c18379bb65ae5f0360660e03134e6
-
SHA1
7637e6a6a0084b4fb31fd469f904e69555345d76
-
SHA256
3ff025b2afb4238d8f324a45882291f830ff581d6bec17a0cc2d86c58ce5f896
-
SHA512
f482ab69f3c35a09ab35a991deb2a25aaf8a22c3a76885d846795da5247fd139ebf2e60fe1cecad131b33bfba082498f9b62cbfb02f981fcc634869b4b6cbe8d
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
Facebook005
Targets
-
-
Target
2.exe
-
Size
1.2MB
-
MD5
b86c18379bb65ae5f0360660e03134e6
-
SHA1
7637e6a6a0084b4fb31fd469f904e69555345d76
-
SHA256
3ff025b2afb4238d8f324a45882291f830ff581d6bec17a0cc2d86c58ce5f896
-
SHA512
f482ab69f3c35a09ab35a991deb2a25aaf8a22c3a76885d846795da5247fd139ebf2e60fe1cecad131b33bfba082498f9b62cbfb02f981fcc634869b4b6cbe8d
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-