General
-
Target
New order.zip
-
Size
400KB
-
Sample
211201-qdvcmafda5
-
MD5
e6e26e46caf33463d13355a13a4d675c
-
SHA1
a1780844e0741fd930e46f62821d53f117077758
-
SHA256
277a8ac4a43ecb1ff74de9e5805d35bf7cae3842647b0d25825b4d5472700e85
-
SHA512
254a4d3f8e80243a402c913a8fc19aad4f0fbbfe92a83eb3ceb06c2ff1a35ea1a326a584f14123a7d9c7ed4e4839b4b2d5c17e3d8fc40b89482bfe81afe0eb78
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gcsenagency.com - Port:
587 - Username:
[email protected] - Password:
supt@3081#
Targets
-
-
Target
New order.exe
-
Size
521KB
-
MD5
e1ffb53e0ba8fa00f3a07655369b04dd
-
SHA1
64a1b8d5626898f7b967ebb0cd7843d5afb33ad1
-
SHA256
788713bf44bd95348a123ef5f7297b6a6157f3c90da6c16cf9c76cb1165b569b
-
SHA512
e610f79540649ee155329e94b7d89fa3e1f5d6a65f80b02f363502d147ff57f11105ee2082d429c1a817600a9e2139ea5ec2e610e08149b7c1c3ab36df7c83ed
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-