General
-
Target
RFQ ORDER PDF.z
-
Size
761KB
-
Sample
210726-ptfkmwmp46
-
MD5
835b83e38b692d916ecd2c6312485b2d
-
SHA1
15bad8e82098e5f81ea3f4ad6d1c0cf9d28d44b5
-
SHA256
8eee9dcd24c22797c340cd138ac8ffaaac424147301310204c08b23054e41f0a
-
SHA512
f23ed1a0c3ad1290bcb1190526a79b4992a87c43f61bb496a5916ca188795909b4e1dfa3006f8a2a3bef44a00e1ea31ec25b7d5f2aa779f5dd7854fb156ae625
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.esquiresweaters.com - Port:
587 - Username:
imam@esquiresweaters.com - Password:
Esquire@#2078
Targets
-
-
Target
RFQ ORDER PDF.exe
-
Size
1.3MB
-
MD5
79e39d56ba0b50e790bcc45806ed6f5c
-
SHA1
d949803527abfc42b1b83bf4c46d437dc9d0c75b
-
SHA256
37c527aee5d570f8e66cb11489eb144e0d750337387f0caabe790bb08ba636e7
-
SHA512
9bc41c479b23ace9c6d549ca5e6474ae18a629c689bc90be9bdbcdb33880496117553d5ab8ad63cac16a8b99ab326cdea910a9391786d78649237f662da43b50
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-