General
-
Target
New Order List.exe
-
Size
369KB
-
Sample
211025-t3nsxshcdm
-
MD5
b1e2487e67ca99aa2ec8e90a85fba689
-
SHA1
7923fb310de2020fe2ceee7172cba946347b9c78
-
SHA256
606ccc9d7d6cef071c3b52a5992dcec6f4c1545c63f7e832b564131529692334
-
SHA512
716bb3a4ea9ea3558c7b8562bd8711519d7d9b46e4e31a16a142c115b4f07cd1298ba232715a83825e07e8fedb4cc0229c1add34dcb8e19ac52a70cff8e0afe0
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.crosz-trade-int.com - Port:
587 - Username:
[email protected] - Password:
)^eE(m@1
Targets
-
-
Target
New Order List.exe
-
Size
369KB
-
MD5
b1e2487e67ca99aa2ec8e90a85fba689
-
SHA1
7923fb310de2020fe2ceee7172cba946347b9c78
-
SHA256
606ccc9d7d6cef071c3b52a5992dcec6f4c1545c63f7e832b564131529692334
-
SHA512
716bb3a4ea9ea3558c7b8562bd8711519d7d9b46e4e31a16a142c115b4f07cd1298ba232715a83825e07e8fedb4cc0229c1add34dcb8e19ac52a70cff8e0afe0
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-