General
-
Target
c0f4d85e78b0c3df57628f604c44a419aec8661576e55f91033630a2e8d2530b
-
Size
759KB
-
Sample
220520-289xcabdem
-
MD5
b64725b793757667fbee58c15662a23e
-
SHA1
46f0d8d638778b30e44977b26db257e398028cfb
-
SHA256
c0f4d85e78b0c3df57628f604c44a419aec8661576e55f91033630a2e8d2530b
-
SHA512
dd8ef46b2df29e7e4df83ac6b566a6d09b679492c58fc20fd769a962c06b659ad86d85076ac5bd3dfd5be2d9230d9e555ce99c8e7dc78f434db759a5324d49c8
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.corroshield.co.id - Port:
587 - Username:
[email protected] - Password:
sulastri2011
Extracted
Protocol: smtp- Host:
mail.corroshield.co.id - Port:
587 - Username:
[email protected] - Password:
sulastri2011
Targets
-
-
Target
Orden de Compras No 4504423294 20072020.exe
-
Size
894KB
-
MD5
f72cd78d2fe867b28b19f1355e16e786
-
SHA1
93d3e88d203ed5c11f3733a4fea331a368c59b0d
-
SHA256
79b66f49f1e60dc5ab20d82847be8138091d1a14b1d29af0de21175323418cee
-
SHA512
28e6698acdb989b4c24448f1680b40df4265c020f89778ff9c4dd94475739dcdab30f8fb328faef8624bc47bdc2e7b0d6adf34788b0c352a789947bc7fd7126c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-