General
-
Target
d4f74ad8c7dd07a4a1d4c93c19e6dd42a3525544331a3c2c274b2a0b11f61c93
-
Size
556KB
-
Sample
220520-18dngaeha3
-
MD5
0e3bd75daa5d6335941dab5aa90bb6e0
-
SHA1
94f0c0749c47762acb131acaf8a49127decae693
-
SHA256
d4f74ad8c7dd07a4a1d4c93c19e6dd42a3525544331a3c2c274b2a0b11f61c93
-
SHA512
3f647e0146aba0ede53e3e4f38a1d93cfa8597f22cf28dbad339e2e117dd29889e43e6144048a8d3be4d7bbde79ab1538450f905d79e4e2be80d0d10ed82a582
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.flood-protection.org - Port:
587 - Username:
[email protected] - Password:
wale2424@
Extracted
Protocol: smtp- Host:
mail.flood-protection.org - Port:
587 - Username:
[email protected] - Password:
wale2424@
Targets
-
-
Target
DHL AWB Details_pdf.exe
-
Size
874KB
-
MD5
1c998bb5af767be742ca8bd5936e4fe3
-
SHA1
5c9466b6bc382a541b474d584d816d5d496fec67
-
SHA256
8a6cdb7717a1c7db76da7b23406ca85b31e7f53a29c9ea29dd832dd821d3d44d
-
SHA512
1d35a93029d5c5a7a6355ccbf457b9c718133be7e8d6816efb093f714b5cf93b3e77232000d17f80ae7a88fe70d685ae7f16248734327dca63ba759ec74da3aa
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-