General
-
Target
PO2018975601.zip
-
Size
361KB
-
Sample
211201-jq1a3sagdr
-
MD5
625cedc1575c8377027e3fe6d3ab3c27
-
SHA1
1868383d770f88562e1f74bdf163041a08ad6ab8
-
SHA256
fbd9accbd658afec40aece3cd8d1a6bcb83c442411e1938a380e55ba939e1065
-
SHA512
299796ca8d474f0f1722c36fd352c01d8ea5fce1780eb486651041c38f37489596895f42ab08a49974a3870c501648cf535687e37628a3675ebaed8b50e9030c
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.modularelect.com - Port:
587 - Username:
[email protected] - Password:
successman12@
Targets
-
-
Target
PO2018975601.exe
-
Size
482KB
-
MD5
c2824b16cd452455bdc2170a28c1307c
-
SHA1
ad49cd0bc221f164ec9abf86668986d1405b9e63
-
SHA256
75258985f5c24ce6f71734acfaaffce29c0a3c7826b22fe25f1debf21180c8e1
-
SHA512
100072707f4ba9f409015ebcc5010fd160ee6f5be300689c079c8035af7193bdd35ebe9a9c1786a519db9667c1f826816d45da3e8da6e158884230cfdd61df5e
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-