General
-
Target
le32xV2d1fLi3Ly.exe
-
Size
732KB
-
Sample
211022-zqe8xacba7
-
MD5
247d01a8a4a8cbf114d54191f2b7a489
-
SHA1
e075551dcccb4a62018fb5c8930327f7f6607ce7
-
SHA256
e17a417f8665f67a18924fa21085bb9940af322c8617ef28c1453a8959491a14
-
SHA512
956b2bda3ebdc73a37ef8b30d1ca5b3e4a37b323ebd0536a16735454f3a1ad4810be3d50a84b3519a8bc76323d2b44d2a886294ff897b5cf68d6c5198c5e5253
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.goldentravel.ec - Port:
587 - Username:
security2021@goldentravel.ec - Password:
chinadusco@5555343
Targets
-
-
Target
le32xV2d1fLi3Ly.exe
-
Size
732KB
-
MD5
247d01a8a4a8cbf114d54191f2b7a489
-
SHA1
e075551dcccb4a62018fb5c8930327f7f6607ce7
-
SHA256
e17a417f8665f67a18924fa21085bb9940af322c8617ef28c1453a8959491a14
-
SHA512
956b2bda3ebdc73a37ef8b30d1ca5b3e4a37b323ebd0536a16735454f3a1ad4810be3d50a84b3519a8bc76323d2b44d2a886294ff897b5cf68d6c5198c5e5253
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-