General
-
Target
DmpaXFlZBIW2jGG.exe
-
Size
897KB
-
Sample
210722-sgcw3rbx7j
-
MD5
c665a5f0a16497e73f40203a95baa253
-
SHA1
0f69e08f761766d60a0884fc2b88258c78116322
-
SHA256
12cb2d376ff851b5fd9c84646c29c5a13e086e542d5c8c247ccd127247c7cb24
-
SHA512
58f6e7dc3c74a3970bb9ed2b38149dde01cbb39500d31dd43ae69f61979fdec6f0ed0a1981ec881b4eca6b3c87213e29eb9156d735200a96a5da15c13bf639d7
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tccinfaes.com - Port:
587 - Username:
webmaster@tccinfaes.com - Password:
transportes
Targets
-
-
Target
DmpaXFlZBIW2jGG.exe
-
Size
897KB
-
MD5
c665a5f0a16497e73f40203a95baa253
-
SHA1
0f69e08f761766d60a0884fc2b88258c78116322
-
SHA256
12cb2d376ff851b5fd9c84646c29c5a13e086e542d5c8c247ccd127247c7cb24
-
SHA512
58f6e7dc3c74a3970bb9ed2b38149dde01cbb39500d31dd43ae69f61979fdec6f0ed0a1981ec881b4eca6b3c87213e29eb9156d735200a96a5da15c13bf639d7
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-