General
-
Target
Caixa Geral de Depositos_Copia de pagamento_pdf.exe
-
Size
27KB
-
Sample
211202-tcesbsdcg8
-
MD5
ed3366cb849f6d62bb381e66d96b42ff
-
SHA1
41dd0051e764c1d2bf820b753c41f249fd25ba8a
-
SHA256
13f1dfeffed355ec22cb812a98ae895fa0ac4f5e83f9ff5598649b3933f0d53e
-
SHA512
6423e833a759a989a6d23ee03d244771d05c2a292ecb420e5b641ec047fa33fec2ba7e96d909474689480804298baa3d54f554f4e11954b742cd6c10dda7feec
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ingeniumhea.com - Port:
587 - Username:
mantenimiento@ingeniumhea.com - Password:
IngeniumM18
Targets
-
-
Target
Caixa Geral de Depositos_Copia de pagamento_pdf.exe
-
Size
27KB
-
MD5
ed3366cb849f6d62bb381e66d96b42ff
-
SHA1
41dd0051e764c1d2bf820b753c41f249fd25ba8a
-
SHA256
13f1dfeffed355ec22cb812a98ae895fa0ac4f5e83f9ff5598649b3933f0d53e
-
SHA512
6423e833a759a989a6d23ee03d244771d05c2a292ecb420e5b641ec047fa33fec2ba7e96d909474689480804298baa3d54f554f4e11954b742cd6c10dda7feec
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-