General
-
Target
32f38adc3199a7d7dccfda31897c4b31630ba3c9611ee4d00d92aee00b9cbe27
-
Size
878KB
-
Sample
220520-2k2wtsaehl
-
MD5
f099845ed8ef1260b2a250d08571f2e9
-
SHA1
37cf60493119a7640a82582e520fe4ba0e408d5d
-
SHA256
32f38adc3199a7d7dccfda31897c4b31630ba3c9611ee4d00d92aee00b9cbe27
-
SHA512
f88b783392ce49cd1edc7a52014e6592cf37ed6f09dfc4f59e6d5e9991405883c8e900c0799e76692cb91905954128b1005822e403ea920c47a2d730cf8bede5
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.memorybasket.co.in - Port:
587 - Username:
[email protected] - Password:
yes@@@yes123
Extracted
Protocol: smtp- Host:
mail.memorybasket.co.in - Port:
587 - Username:
[email protected] - Password:
yes@@@yes123
Targets
-
-
Target
order44159280820.exe
-
Size
1.3MB
-
MD5
eb3e2d74c595fde45a7fc69e2f358209
-
SHA1
16b3bebabedd24b1eb27e74c70166ee69495871b
-
SHA256
9b79d0622124809cc47cc7b7423db95a0aae0f37a60d6a224e181f846ef6206d
-
SHA512
e98875eef2fb28d8274d9f890b3ef61ffb353f51f5e785d13a8335a777b93eb2e0462d5ba830e0e0bcf26abda9a7e08f9d1dce70e62be79f67f5e74ba3d4991f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-