General
-
Target
b063d4a9942d8b820ad62d2359d5263d.exe
-
Size
37KB
-
Sample
211014-gw2pzsgbfq
-
MD5
b063d4a9942d8b820ad62d2359d5263d
-
SHA1
ed42b11ac340a8b742ce61c2559b0154bcd75740
-
SHA256
25cb04e6ce30f98f9cad9aa1fab3682067d2fee08cc09fe7accf657b2df04a23
-
SHA512
a4890ca4489ca9ccf5271a957dee6e3e2bd9344189cb7096071b0d94fec007f623c83da614722b39229beaf5be1612d180767dc8110ef82262e7f7ae3e10623b
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.dpobumber.com - Port:
587 - Username:
dpo23@dpobumber.com - Password:
m~IzyO$8asT+
Targets
-
-
Target
b063d4a9942d8b820ad62d2359d5263d.exe
-
Size
37KB
-
MD5
b063d4a9942d8b820ad62d2359d5263d
-
SHA1
ed42b11ac340a8b742ce61c2559b0154bcd75740
-
SHA256
25cb04e6ce30f98f9cad9aa1fab3682067d2fee08cc09fe7accf657b2df04a23
-
SHA512
a4890ca4489ca9ccf5271a957dee6e3e2bd9344189cb7096071b0d94fec007f623c83da614722b39229beaf5be1612d180767dc8110ef82262e7f7ae3e10623b
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-