General
-
Target
ORDER SPECIFICATIONS FOR MEXICO MARKET.rar
-
Size
437KB
-
Sample
211019-l4f6gagefm
-
MD5
f9f31dd96ae599d502d8c38422170ede
-
SHA1
8685635ec2970e05735dd1a038f6dbaa9076c473
-
SHA256
bec4c8f1b32e5e8a493937b3f72a1e9a65f3f12ce08479ed0fe35fd9a56082ad
-
SHA512
6f26e51f0801745710b9e72d20637e2394964b6acdf0f9dde19ef1b8738a0885fba9082fde0c4dae0a818aa79a61fcba44b1b321c31b1fe556712207fad4122c
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.gmmsi.net - Port:
587 - Username:
[email protected] - Password:
x%Zkxa@7
Targets
-
-
Target
ORDER SPECIFICATIONS FOR MEXICO MARKET.exe
-
Size
529KB
-
MD5
2bcf8ba952a46c964bf95e1f1959a563
-
SHA1
9a05d4f8867f0cc97a18f779a0d385f334c02c61
-
SHA256
cb116c50c8b7ba5e01f32299d88be9e9b9827476e57c026a9be6d0f9f4f70abf
-
SHA512
b23aa97f7752486c8669cc1300382b1c72a6b05681aca376264f4f5d564bc2e0d2a4deaed31b8649b8fe1290339fb768df29af5b45a51a90316a41e1427acc34
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-