General
-
Target
SOA.zip
-
Size
386KB
-
Sample
211202-jqaqeschap
-
MD5
826adcdaa7b74de17ef453c58dd3b27d
-
SHA1
b49e262246b2bdc55abef0d61da812577b28ccec
-
SHA256
49785076c618fb94dd4418fde1896e9c830119b8750c0ec8acfa56ec06a474a6
-
SHA512
8b3c2cd91b65e2a740c23c22a9b5c6b2531d43881a047378ce729b46db1b69f5a5eef98f4bad9b4b35694366d3e1207807e8228bb9b9a9f486e6001f88d93fd6
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.khawambros.com - Port:
587 - Username:
[email protected] - Password:
1EJRh0xnEN549JSbdZHz
Targets
-
-
Target
SOA.exe
-
Size
482KB
-
MD5
c19417f92b007af50ba9ae328c693d0f
-
SHA1
7eddf0cf2dcf2546e7d679bcd1341591c6f5d3ae
-
SHA256
ef0c12e1c56d5e674a83f56e8e21b485bdcf7d45e0c97e02669d5e8604cebafc
-
SHA512
700153ca06ca6b43a053db6ac1ead5e9de6e3f27426dd362d67fe5fe5064948c56847503965c2846f0304a2365d5f34f1fdd119c445770e1272b68926b5d9041
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-