General
-
Target
d431116fbfd4b834386fb20d350e28f5b4fec9f0b74adec680030f21424f0a9f
-
Size
472KB
-
Sample
220520-28586agdf4
-
MD5
b79ce665677d7afce4cbbeeb7c400ab4
-
SHA1
504abdfafecacfc27cbec2879c5d0936cabd0088
-
SHA256
d431116fbfd4b834386fb20d350e28f5b4fec9f0b74adec680030f21424f0a9f
-
SHA512
7d4384ed601e46e07326aaba957bcc967a80ef44222788a0e85a0b16da7ca759a18b5ae94c019d27a9051958e4017191ac05d874dc0b158e2d9a7ba715b60b4c
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.bnb-spa.com - Port:
587 - Username:
[email protected] - Password:
tPo!47:glt$E
Targets
-
-
Target
Resume For a Job.exe
-
Size
493KB
-
MD5
ab25cea9f47198353f10b89bea4736e3
-
SHA1
05b91a17ff73cdd1f27afeab94c14c26eafb777a
-
SHA256
7965e56d288f6cdd4ae1c7f260dd5ddb1e6fb1c1485ff3d78f50fc1cbcb0b7ee
-
SHA512
fc30f65820ccac91918c528e0ffa3299835c431569e2070ca8dda13c9e789e52dfe5b5cce39f043f7967d1b598a2bf9f48ad124a83a65ef77562bb39fc00f6ac
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-