General
-
Target
Overdue outstanding payment.r11
-
Size
484KB
-
Sample
211203-wvxf7shbdr
-
MD5
ed2d2640ec7eb6f2d5ef9a87e2a1c712
-
SHA1
502648648ef4f7ca1829574f76e03946c0b72205
-
SHA256
167c0ee245fd2797cedb1fdc049d295f75d24a59c48a715a0a27e9508134dd67
-
SHA512
a227bdb4f3262e23da145b3a3b374901b0d910582b04eea9e7c80e3392357b5f6e175255ebda61ce210f306df1be52d90adcab761d695ecb028012cec573fd51
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot2129831935:AAFsDWWUF1IwkP0mys1D0YX41mjPAs-L-eU/sendDocument
Targets
-
-
Target
Overdue outstanding payment.exe
-
Size
529KB
-
MD5
531e86d55ddb922cd268147ac004f604
-
SHA1
ea2dc2bf2a84d3f0aae358a0951e962ee8418f82
-
SHA256
d34b4cfc530b91d44ba82a15cdb948e4424e30ee57245f4792c8303d202df173
-
SHA512
c58a1a1c5af776464473bd66a1e0f04ebcc749bf2a3b0c346ab6b3c64aac59c28f31a1b45d4c739edc8e578c2055a757c498b20a0f674eef7ea3369e9382934b
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-