General
-
Target
PO#67890345201.exe
-
Size
631KB
-
Sample
211202-hqya2sfea8
-
MD5
4cb1db6fc2e75ae919a6e006ae467d6a
-
SHA1
386fd2b6440e5e0c2cbc6beb45cae3dec76faeec
-
SHA256
8527c00ea28ed609e8a8c71c85adc9dc4a23dc8068b98902d77eec15425cb1fe
-
SHA512
1fd5a9298fa22950c6631297de878625327e3648cae61ff8e37ac7e3ba9ab84101c8da041beed66b9d6a89c9093efd9937bb3e097b11af91672343a71ac83cdc
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.modularelect.com - Port:
587 - Username:
[email protected] - Password:
successman12@
Targets
-
-
Target
PO#67890345201.exe
-
Size
631KB
-
MD5
4cb1db6fc2e75ae919a6e006ae467d6a
-
SHA1
386fd2b6440e5e0c2cbc6beb45cae3dec76faeec
-
SHA256
8527c00ea28ed609e8a8c71c85adc9dc4a23dc8068b98902d77eec15425cb1fe
-
SHA512
1fd5a9298fa22950c6631297de878625327e3648cae61ff8e37ac7e3ba9ab84101c8da041beed66b9d6a89c9093efd9937bb3e097b11af91672343a71ac83cdc
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-