General
-
Target
46cb4d0155b6433669dcf837623ccf450a1c8d2b2a6723d06bd35c2200705efa
-
Size
491KB
-
Sample
220520-2jlhfsfdf2
-
MD5
4e7bd3663e29b80b0d167707588d8377
-
SHA1
d81c8cfb2696bae08d7b335e3026179eb373fe5c
-
SHA256
46cb4d0155b6433669dcf837623ccf450a1c8d2b2a6723d06bd35c2200705efa
-
SHA512
6ecac11164813c2533e3716fb64ac560aa0ddacadf7bb8bbf613f2310f51072698ecd64f2404a895a42197faced4a47e6eb57ed160be802c6749ecb63c923d43
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
kbasaxxuxlnlqqlt
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
kbasaxxuxlnlqqlt
Targets
-
-
Target
PURCHASE ORDER 08312020.exe
-
Size
524KB
-
MD5
9a82d13952cedfd54981e27b52ec5e46
-
SHA1
59cf1da6becb58c4717c8d5ed9f3bd808ba00ad3
-
SHA256
0155cf3feaf162d21ca9611219242fbe79ce0100930cdec25291810f86eeeb91
-
SHA512
76910e81be9984346f9a2bff199aa59722743b6729dc9855caf63f89dd4169af65a04a6389bf71aa8d663cd48fbd811ef60cd951058bf2dcb75c758c27652ddb
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-