General
-
Target
428d98047ab3264b6c653c4500a1422c25829a9237955c2709da7b8ec38519b5
-
Size
556KB
-
Sample
220520-2jtttsfdf8
-
MD5
edf2351113d871fb353718aa19cefc70
-
SHA1
e909bd8b625b81698ee98efb3e2d5f871578e7c9
-
SHA256
428d98047ab3264b6c653c4500a1422c25829a9237955c2709da7b8ec38519b5
-
SHA512
30ab222cbaaa2daa331cf03b5e2e768d5231a803962bd449060b7b66e2d7dfd9b418df9a15afd3a37d5a4b68fd4011ef63c7ded24d37f47b53812f7137874418
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
kingmoney12345
Targets
-
-
Target
PS-AVP2-202098-20.xls.exe
-
Size
590KB
-
MD5
b7134c001fcf541f93ee8b0a5fadd337
-
SHA1
f153f737b71e4a8cdd59bd3a6ee2910c4941c0c6
-
SHA256
fe6515e661c3c83f45ab0727c45909344f41d8ad37123bcc35af0232378d60b8
-
SHA512
ebea51e10eef8382b1c9d6324a6d5d5e5ad7953681c895af852fea80c57c9b93584ac5a9b72f7db8bd5be301bf4c5b77f8b6d3d9a0348b07f647bad7920be907
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-