General
-
Target
d65f9f9e8df3bcd66df545994d18187d1720f660264939c7db5c49c66d353b97
-
Size
585KB
-
Sample
220520-1752bsegh6
-
MD5
76e7c0b7bf25f5a6323481cc05a18392
-
SHA1
ed32a1669096f5474838a67f7647249905e589cf
-
SHA256
d65f9f9e8df3bcd66df545994d18187d1720f660264939c7db5c49c66d353b97
-
SHA512
a0a4eabfb4c0f4ec06cd370ee112722771f99c60d0a222c3daea67e2385eb30072139c541c556d3992a409b4bd625cb8795afaecc1314c9440a121102467335d
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
rosemary0101
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
rosemary0101
Targets
-
-
Target
New-PO-0956760-NO-01-08-18-20-Order-Quote,pdf.exe
-
Size
675KB
-
MD5
f1ef93c5b492d3550b37c226159d0aed
-
SHA1
410d4236e2f6d6cdea36a50ee13687d7938fdd5d
-
SHA256
d1b9f876eb33669ae68b5e7b0ac255044390ae1f66e748388c15da65f53c99d5
-
SHA512
a844e6ac7fe8b7adc66f8b1b842c642fdc9fd34587b208ad50a699ca964d7f97318a8bee9e0ee610e80be90ddc4269bbfd6e1f368a19ad92a802d9dddd6c1dd2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-