General
-
Target
3ec65e121d3ba55db9e47230767bfee0715818c3e1d5bb15020fe5cc771f085a
-
Size
390KB
-
Sample
220520-2kdt1afeb2
-
MD5
fa8663be82ec2b5a48fcda0ae1c9702c
-
SHA1
cc29e4606beddfcaa602becf817c246f0e329ff1
-
SHA256
3ec65e121d3ba55db9e47230767bfee0715818c3e1d5bb15020fe5cc771f085a
-
SHA512
af98ea8e2df4ee5d9fea376834c8edcd4338d5f56f0f99ac1ee6f86066ef11df5009fd96035ab49d57271f011facb42799615f730b8f6a106abe90f228a27d93
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.tpts4seed.net - Port:
587 - Username:
[email protected] - Password:
Krested123@
Targets
-
-
Target
INV13072020PO77463.exe
-
Size
337KB
-
MD5
726878100613c88b1fe3e43ff71fb74e
-
SHA1
2ac040b0933bb1ff367ec3feb72698c37cc0bb6f
-
SHA256
e98b23f13bd43ef55774986242d5a27c07c59d576b6c8a8aff136e98620d87e1
-
SHA512
8afd1514eb6125bea4aa038de169dae906ae4dbc4faa24d39de6b2c77ab4eba81bacc428e1f68519d144cabb6527374d9e3af4829c8f941aca786ef0a3dbed0c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-