General
-
Target
5.exe
-
Size
337KB
-
Sample
211021-ls12haabb8
-
MD5
4bf09e07b7fc87d82d8115be87c6a12c
-
SHA1
25ddf6b761059153b1fde62904aa234e70c805de
-
SHA256
d0520ad19e2860d5fee803399fbfcb676a47f0eeb98104dbf1eb3396ac10dece
-
SHA512
2f0d40bed0c65bb59be99a6ac7176de896b364b8b8f651d2704320bdae5019b82120029bd1224312feb9b1586895c838a2e03d9ce5093d9774852f06de6b429a
Malware Config
Targets
-
-
Target
5.exe
-
Size
337KB
-
MD5
4bf09e07b7fc87d82d8115be87c6a12c
-
SHA1
25ddf6b761059153b1fde62904aa234e70c805de
-
SHA256
d0520ad19e2860d5fee803399fbfcb676a47f0eeb98104dbf1eb3396ac10dece
-
SHA512
2f0d40bed0c65bb59be99a6ac7176de896b364b8b8f651d2704320bdae5019b82120029bd1224312feb9b1586895c838a2e03d9ce5093d9774852f06de6b429a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-