General
Target: 6699468078612480.zip
Size: 2KB
Sample: 210721-g5vm58fbgn
MD5: 50bdd6c7c90b8f92e923fb03391eb80b
SHA1: 78c4468ffcd3b6af9fc16b3cb2e7443680f9eeda
SHA256: 72cf1dbe8d4eacd516ca2f4de874ad4b5699966baa9a41b865b68d6bf72ec985
SHA512: 15076e2fa37994378625429e24a10f36e280f391c7dfacaebdb1fcfee9152c14b29aa9928cd0191e3018863afe2d15b6bf702f580a22d4f6c7b5275db55048f8
Static task: static1
Behavioral task: behavioral1
Sample: 9eb87a2416b79b100ca24fa57d1bfa15fcce90a44f5cbb10353ed7e873394753.rtf
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 9eb87a2416b79b100ca24fa57d1bfa15fcce90a44f5cbb10353ed7e873394753.rtf
Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: Neways@123
Targets
Target: 9eb87a2416b79b100ca24fa57d1bfa15fcce90a44f5cbb10353ed7e873394753
Size: 4KB
MD5: d51db0f037f97835cb334b38b4ce772f
SHA1: ebdd88a747493385c96da530271e214df874f0ab
SHA256: 9eb87a2416b79b100ca24fa57d1bfa15fcce90a44f5cbb10353ed7e873394753
SHA512: 094f8019710b1a176bd5bc55ad34ce36f7e01944d1376ffd8bde1b807bbd4e6cfc02c2903027acf0b6912a0a9d6f39ce3397d37e4106584a6187e90a9483f966
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext