General
-
Target
Image001.exe
-
Size
612KB
-
Sample
211202-ww16sabahp
-
MD5
ff1b46d412d2890828fdeee1d983dea1
-
SHA1
2c2c60bc32b11f866aed66f29ce30c362b352567
-
SHA256
3f9f72ec6bd759569e783528a4a2e0426472dfae328af93afbf9da273e92adf5
-
SHA512
d6ea42338428fc9da1552c1879b334b4a70f121eb9c3fce31b513bc86f2eca5a7ba7bb17a6ec059910b2fda3f2bb6717a975828f6de985630d0420bde153333b
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cgyasc.com - Port:
587 - Username:
castilloo@cgyasc.com - Password:
Castle1
Targets
-
-
Target
Image001.exe
-
Size
612KB
-
MD5
ff1b46d412d2890828fdeee1d983dea1
-
SHA1
2c2c60bc32b11f866aed66f29ce30c362b352567
-
SHA256
3f9f72ec6bd759569e783528a4a2e0426472dfae328af93afbf9da273e92adf5
-
SHA512
d6ea42338428fc9da1552c1879b334b4a70f121eb9c3fce31b513bc86f2eca5a7ba7bb17a6ec059910b2fda3f2bb6717a975828f6de985630d0420bde153333b
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-