General
-
Target
2395681d2d2b46d39db01f70a63001a54dc8231c6a8fd987f637847aa3f8aac2
-
Size
452KB
-
Sample
220520-2l6w6safdl
-
MD5
4bdbb28df8dce933425de8edf0de5f75
-
SHA1
dabc061fc3bb57932acd20d7cbd8a8476d1ee489
-
SHA256
2395681d2d2b46d39db01f70a63001a54dc8231c6a8fd987f637847aa3f8aac2
-
SHA512
2a939375b356992af24724e0eec37fd7b9cb40bb8f738ebda28ca9fee700862826361a24b59f8404b3a2e751cd7d92a671c144d98164907d133d97fa208046d9
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.shinema.com - Port:
587 - Username:
[email protected] - Password:
$german2019*
Extracted
Protocol: smtp- Host:
mail.shinema.com - Port:
587 - Username:
[email protected] - Password:
$german2019*
Targets
-
-
Target
NEW ORDER- 25MTS 40ft FCL.exe
-
Size
582KB
-
MD5
fc31bb65b03b2c8f91871ba17202d4df
-
SHA1
c67107756f4417e6366c0b7b9f1b8c2e6a23aabe
-
SHA256
b72bcd64494415feb4ad5fa6b6195e56ffc00396f4e135d3e8d2312ee6fc405d
-
SHA512
fdaefb16d84d888b33fb14500ecf89300afede2020d85855114b5d19cdf250f4eac3700b93195a2973e0244a580e8d57652b6109f8e2227d58046ac7bd05fe5a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-