General
-
Target
3d5c0f8108fb9dea496c4ecb93dae7878dce816756b889ef197491848513dfbf
-
Size
467KB
-
Sample
220520-2kfctsfeb4
-
MD5
ee3228ed165179f3cee0e597724e6c54
-
SHA1
788747cda08ba8aaeaefc43d6aa237960e0ca539
-
SHA256
3d5c0f8108fb9dea496c4ecb93dae7878dce816756b889ef197491848513dfbf
-
SHA512
3ec66e264578047c18d403174d59112d0f03a81c9d13a8491e5f700698984d03c6d7f0231eb58a19eb28da497de53e8cd8895618099d624ba9fb8df3497e3e56
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
payment123
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
payment123
Targets
-
-
Target
PROOF OF PAYMENT.exe
-
Size
555KB
-
MD5
89f884a7f504cdb9981f40e84f67a874
-
SHA1
8903e0aa1959cc486f3950d99dac80fe23527c52
-
SHA256
2119e2edacd5fd8a85697a8f271f328c2337ce04fb86d9aa6c38007bf78a0ce4
-
SHA512
532192980bb97a86acdf5be5b45fe22c233635a4a3979673b8bfec644de13a0341594b9553c3867f66c2c5f85e89ccd7b89be7788f0ba3a787c0bc9a5ed6a590
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-