General
-
Target
00abddcc3b55414b6579772cd9f94efc5965ac8e632cfd3561ed9b4f13ab186f
-
Size
400KB
-
Sample
220520-2pvy3sagep
-
MD5
6a0f89930eff2fea26b3c57b033f9182
-
SHA1
630e4c1bd6ed7db3ab7460b213a258e3cd7b8bc6
-
SHA256
00abddcc3b55414b6579772cd9f94efc5965ac8e632cfd3561ed9b4f13ab186f
-
SHA512
03945234804a0028445b78709f5237a27e173178d4e8d6cac6abadccdb0845595cd9aff1c5bcc82b644d217c6ffa8d2109a056f2d75e10f7f66b3b09e95ff912
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.pharco--corp.com - Port:
587 - Username:
[email protected] - Password:
tHKfMRa2
Targets
-
-
Target
Documentos de envío originales.exe
-
Size
444KB
-
MD5
1d9114f765f11b4c354cefe6c2986693
-
SHA1
b9e6ada77040913608f93e68486e5372879b504c
-
SHA256
738555842fd28072fedac20f99de12a1f64724d834bfcc3be9c857ca81708660
-
SHA512
b40053d19d7670ecad1cb2dab8305f400c9b20e7edd9fffd1aa5ab62c84eabb3369dd29a90fda7d7283210efe2df0b5d75fa4a6e85f1d2b6274f8c0084d55966
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-