General
-
Target
a0d00088b21aecf4ed9a4b18a2b14d7f184a333b
-
Size
38.0MB
-
Sample
210727-nw2tehxwxe
-
MD5
685c1459780494df4b455e9bacafe9d2
-
SHA1
a0d00088b21aecf4ed9a4b18a2b14d7f184a333b
-
SHA256
f6d53d3d7e1de59bf5d2a3962ff3096c7bbec3549c366717e51bfb74d0bc4a2b
-
SHA512
24a7d67a529541895d07d238cf0b875d0e9e2cdc71a7be5b1faebafaa2a8e738e7f785b223b2e7cf56933e33e6950339c658fd3806fa7da9cf7d96ee91179632
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
serv-10708.handsonwebhosting.com - Port:
587 - Username:
emma@multillantaszl.com - Password:
icui4cu2@@
Targets
-
-
Target
a0d00088b21aecf4ed9a4b18a2b14d7f184a333b
-
Size
38.0MB
-
MD5
685c1459780494df4b455e9bacafe9d2
-
SHA1
a0d00088b21aecf4ed9a4b18a2b14d7f184a333b
-
SHA256
f6d53d3d7e1de59bf5d2a3962ff3096c7bbec3549c366717e51bfb74d0bc4a2b
-
SHA512
24a7d67a529541895d07d238cf0b875d0e9e2cdc71a7be5b1faebafaa2a8e738e7f785b223b2e7cf56933e33e6950339c658fd3806fa7da9cf7d96ee91179632
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-