General
-
Target
Payment Copy.ace
-
Size
427KB
-
Sample
211021-zsjn4sbfdm
-
MD5
c953fcff4f8d8367bad8cb16bc86b71e
-
SHA1
3ef3e2dff28483536d952c2dcb8181094b92e885
-
SHA256
ddc8c1c38c617c6a99201d722284707dfae2a1f76a3cd8858c64b95483729f28
-
SHA512
fcb480f469bf0abbbc87e1661f3588264a9829c04d388995fd37944568f635c637807eecd44cea3d2a7e4a3cbda5457b253add1f33ccc05da0ddef0acd5f4a86
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.croatiahunt.com - Port:
587 - Username:
[email protected] - Password:
VilaVrgade852
Targets
-
-
Target
Payment Copy.exe
-
Size
504KB
-
MD5
76b7a306c697aab9e1a5a152094c9b00
-
SHA1
caf45c939526b48b6d822fc6bec1a4bf8a62a677
-
SHA256
7e0eddc6744c2acde5fcc3a9dc3f6f1e7e1c1b85a1033ae93a0fd53489c71c4f
-
SHA512
f8eb408f40fa5e10e57448a1913d0bd027c4404b83eff75f06057eae6fcb2e8bf0576447218e2ec504936c249be6f97030a5fb3f09238a5998bf0775b7d90955
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-