General
-
Target
ffb3e4b8b179bbcde516cd97a9063f7ee6076ebafd69269de49e6d09aa440635
-
Size
649KB
-
Sample
220520-1433kahgeq
-
MD5
cb4f02e02e137f21d7e826e1d9640f86
-
SHA1
165a271227917fecda5ea0cdace437c52db3d00c
-
SHA256
ffb3e4b8b179bbcde516cd97a9063f7ee6076ebafd69269de49e6d09aa440635
-
SHA512
390316d54ed9e93ad6a6e3ff4c150268f72184edca117d34e511004a79c23b5f70d7b7d27616f481774e5390d42c9f98944bfbd732897b6b81cee503da0fdc90
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
castor123@
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
castor123@
Targets
-
-
Target
Compact Substation Schematic Diagram.pdf.exe
-
Size
671KB
-
MD5
22534e74fe59355654542d03485f4e43
-
SHA1
145da00e198a15b32935e4d66caaf42ce40cec4e
-
SHA256
dfe001ed1950d612ea59a75c6367629ff0e031853e9f7a12b7f0381a4f20660f
-
SHA512
d619ac7b2fc4de2c41edb3f7f056342253802c10219240dd8ccd71fe3b0da4f3840690216f444aed380ee88db867a5718a4c606f8c2cd786b76ac69141ef27b0
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-