General
-
Target
询价40208 Accell Asia Limited Taiwan Branch.zip
-
Size
459KB
-
Sample
211021-ejxjdsafgq
-
MD5
689c50dcf83fdda2fc52db0e921d2357
-
SHA1
34c8f84c4fa4359c99f6a86738c69c8ee4ba4033
-
SHA256
064d84493dc3dd1e95d61931d8e6250338324f533b0b83a918a8390848240ee2
-
SHA512
6e8203a66389929ff277d340e5428be5af5f5b5d03ac7ff5ef18a1a392750c2dd0c095a9b2a46bf8895c363baff767567a67a2365a62a43c17ea38343a6646ca
Malware Config
Targets
-
-
Target
??40208 Accell Asia Limited Taiwan Branch.exe
-
Size
540KB
-
MD5
1a1063bd01a0f01cecb94f9efc1bf7f1
-
SHA1
c4ef80030868b1e8dcda424e082004cc8af4e66f
-
SHA256
bd492d0d70877fb5b6eeb357cb8c57efa47df4d5d7cc6547958da94cbfddd7d3
-
SHA512
5be288dcc77978c974f54cad7822c40c61fb0462efb99d621b99d54ab01343e6f629d257d527a517843c3f58d5f0c38f9dd15d5713433802ada83f71ef056b4f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-