General
-
Target
11464406915eec077965dd4d47c329c3cd04afb3d481f1e65766f9b60e030c47
-
Size
496KB
-
Sample
220520-2nqb7sagbm
-
MD5
986ecddda7eb06cea968cef511208543
-
SHA1
0eb8b663786525322bae9202743a72f3f216679f
-
SHA256
11464406915eec077965dd4d47c329c3cd04afb3d481f1e65766f9b60e030c47
-
SHA512
d60b89f3f25e5b63cad2d6bbdc4423cc77a5bc68457b13804a6840774d954a44ba1a81fec08870c1761b660a94a4a9f3026e65d7d8cb4400234d1606555e169c
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.epaindemgroup.com - Port:
587 - Username:
[email protected] - Password:
}bf9e+EW5s$k
Targets
-
-
Target
P160999.exe
-
Size
626KB
-
MD5
fd59f29a613cf82bf56b03b066c49a36
-
SHA1
7c5310054b246c6a7fd6d3a602201b5d19ffb8bb
-
SHA256
fda323de5210f1ec46ee237d0e58558d78d34474ea282bf5dd1ca448c5ad369b
-
SHA512
c13b85ce5d7d0cab137e41197ba9ea29ff60193f1cc7c3b62451085c80caf97158328f5ec2a54eddd1a51c180d1dec709a43e2cbe8658c136cf2e26fd2d21b24
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-