General
-
Target
Purchase Order 2892808.gz
-
Size
518KB
-
Sample
211014-fk9qsagaeq
-
MD5
f07c261ba4962987202f1fcf1caf6a2b
-
SHA1
93ceea4ba93474c0efde5d38d840b241e3bc490c
-
SHA256
230490d1bc0790dc0beff66b50ed03ccaff43259adc28aa29926a5a723ca8af2
-
SHA512
5a4181bb2f6ace44c9b580f706ab7525ef0184d1841551318766a8e629d09cf25e38dbbe6bc8f4fb7927aaf712f4864b00190182fcece03b0d34807517e30370
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
webmail.emirtecnt.com - Port:
587 - Username:
reporting@emirtecnt.com - Password:
Amazinggrace123
Targets
-
-
Target
Purchase Order 2892808.exe
-
Size
562KB
-
MD5
54c9b215e30e50b7f9f559b414737d10
-
SHA1
56015460883c19c741a26b9d94b27952f67ec656
-
SHA256
9b674819f4cfeff2ecac04486fa031d913d78e5649dee0e3acf0b4078f4fee74
-
SHA512
1d15db38dff0619df154ec814a192076909f6de6133c8aef189b4189c3b1e5a8e3e51681dd4a691c1beb4758a0605ef3537d0d7b0fa006fa840423376457e797
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-