General
-
Target
Martina Order_pdf.exe
-
Size
453KB
-
Sample
210726-qqz2995n5j
-
MD5
a2ed4963dfd45090c2112b7ba2422f86
-
SHA1
2bcef9993ffb483d5b7a8d482c00d33c71a28a02
-
SHA256
bcdf684939411112be33475b5422edf1f6b8219b0f1b786e1ad222d2ebbca6c1
-
SHA512
57891e845c2dcaf071ef6e5bae4a6cbb93789f563d84481d1447d4c36aa9f4f13f9d32d743672d8dcd293c1129c2f14e23804f7a19aaa8e0a3e9378e04b4d911
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.mohhg.com - Port:
587 - Username:
admin@mohhg.com - Password:
r:1{cNw4}vJc
Targets
-
-
Target
Martina Order_pdf.exe
-
Size
453KB
-
MD5
a2ed4963dfd45090c2112b7ba2422f86
-
SHA1
2bcef9993ffb483d5b7a8d482c00d33c71a28a02
-
SHA256
bcdf684939411112be33475b5422edf1f6b8219b0f1b786e1ad222d2ebbca6c1
-
SHA512
57891e845c2dcaf071ef6e5bae4a6cbb93789f563d84481d1447d4c36aa9f4f13f9d32d743672d8dcd293c1129c2f14e23804f7a19aaa8e0a3e9378e04b4d911
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-