General
-
Target
107ae6fde9cad4f31daaf70b507c41e4e436fb431939a06cd9bc3b060efafcbe
-
Size
428KB
-
Sample
220520-2967vabdhl
-
MD5
451730a13d6ceb03c0675d339cd8ef79
-
SHA1
b539fecda222ce382e41aa7edafd212d6041c30f
-
SHA256
107ae6fde9cad4f31daaf70b507c41e4e436fb431939a06cd9bc3b060efafcbe
-
SHA512
cefc6cf687d68406147c9561feeaff40ed2d4eda99521db66891f75bc335db285b0a2f21d526cf50ea0d7042108fa01902c7f309dab4209394d65855a838fb86
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.corroshield.co.id - Port:
587 - Username:
[email protected] - Password:
sulastri2011
Extracted
Protocol: smtp- Host:
mail.corroshield.co.id - Port:
587 - Username:
[email protected] - Password:
sulastri2011
Targets
-
-
Target
Order confirmation PO 005 07 30 2020.exe
-
Size
476KB
-
MD5
1094e53b123834f65dbc934ac71c3bd9
-
SHA1
b9b5073ff37c469d5278e11a44e4e6dc616598d5
-
SHA256
a678440e1f830f05b0fac3d40d08457d2358b00534042726fa375955ae02c282
-
SHA512
1a5014a91b5f617863d6464f1804fbb66d24fec293da6b1b9984f6d84142dc2a29eb72a92e396c728d71960919e33a35210a501a64158c7fe1e3d10a9373911f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-