General
-
Target
PO15410.ISO
-
Size
1.2MB
-
Sample
211021-eqc4bsafhm
-
MD5
a9cf31668624482f4655bad515eab196
-
SHA1
1d11d6c022150257aaef340c464a4e370dec7536
-
SHA256
bd3690f0dafd5a4880e1d28c78c0e230451dc04b72ca97a030463d45f8a8ae19
-
SHA512
f19f3c12f75c16095ec7c917cba8d33d6a175d8390e412a928d64a8857169c94723244cdecc249387febce6726e949660b76d0927eae5b5038e53833a163759f
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tanzanitecoffee.co.tz - Port:
587 - Username:
info@tanzanitecoffee.co.tz - Password:
Tanzanitecoffee2018
Targets
-
-
Target
PO15410.EXE
-
Size
444KB
-
MD5
9b1519dc04911fd229573b20acad1983
-
SHA1
05e54448c5a980debe1f3b6478e3ff38b0abdaf9
-
SHA256
3c6e548734714e341da1909e80c49a7433955d630fc2eb4ddc9c1cd26d366c09
-
SHA512
0e7d57095af4af2b9ffbe7d94a33c346ea7da04a1df8300da2c9cd7661aeba77d91ba055f068ba75d2169fbf76a7c67cba728d5442aebc053c45bcea39a31a1b
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-