General
-
Target
Overdue outstanding payment.exe
-
Size
529KB
-
Sample
211203-tfpfyahaak
-
MD5
531e86d55ddb922cd268147ac004f604
-
SHA1
ea2dc2bf2a84d3f0aae358a0951e962ee8418f82
-
SHA256
d34b4cfc530b91d44ba82a15cdb948e4424e30ee57245f4792c8303d202df173
-
SHA512
c58a1a1c5af776464473bd66a1e0f04ebcc749bf2a3b0c346ab6b3c64aac59c28f31a1b45d4c739edc8e578c2055a757c498b20a0f674eef7ea3369e9382934b
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot2129831935:AAFsDWWUF1IwkP0mys1D0YX41mjPAs-L-eU/sendDocument
Targets
-
-
Target
Overdue outstanding payment.exe
-
Size
529KB
-
MD5
531e86d55ddb922cd268147ac004f604
-
SHA1
ea2dc2bf2a84d3f0aae358a0951e962ee8418f82
-
SHA256
d34b4cfc530b91d44ba82a15cdb948e4424e30ee57245f4792c8303d202df173
-
SHA512
c58a1a1c5af776464473bd66a1e0f04ebcc749bf2a3b0c346ab6b3c64aac59c28f31a1b45d4c739edc8e578c2055a757c498b20a0f674eef7ea3369e9382934b
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-