General
-
Target
1089765423012021_inquiry.exe
-
Size
560KB
-
Sample
211201-vnkndshcf2
-
MD5
b47c3006b43aff7a9c395e6ddf7d65ec
-
SHA1
785ba2f4990bf8d8ee4a3fb8986131756338a662
-
SHA256
c5c10a5a97d09d2545fa73ab64459b2fdaeadf3ef2a08bceadcbff26a69b65f5
-
SHA512
8fa5c1397532acf8abab18e63b29072117fbf1b9139520be74d2d9261efe448aa9a05218ee09402085340b352f754d77dc3750af96845b425ad0fe6404088aa8
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.modularelect.com - Port:
587 - Username:
[email protected] - Password:
successman12@
Targets
-
-
Target
1089765423012021_inquiry.exe
-
Size
560KB
-
MD5
b47c3006b43aff7a9c395e6ddf7d65ec
-
SHA1
785ba2f4990bf8d8ee4a3fb8986131756338a662
-
SHA256
c5c10a5a97d09d2545fa73ab64459b2fdaeadf3ef2a08bceadcbff26a69b65f5
-
SHA512
8fa5c1397532acf8abab18e63b29072117fbf1b9139520be74d2d9261efe448aa9a05218ee09402085340b352f754d77dc3750af96845b425ad0fe6404088aa8
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-