General
-
Target
1fb5662d4250c040f62f71196576ada28183f4890d8eafb7822f102e4aba1702
-
Size
278KB
-
Sample
220520-2tgbgsbabj
-
MD5
0b0a39378ead15f5347dc4dd98c2cd51
-
SHA1
bf38acdbb9ea23e9743e3ca5e2c60ed15f7e90b7
-
SHA256
1fb5662d4250c040f62f71196576ada28183f4890d8eafb7822f102e4aba1702
-
SHA512
f4f363394448056430e1f49f202d7996b3b211e7ba8ea72367ccdc8d7d25af01533c8e92e3a3357cb6152f2c439b3f7c9973dab593adc0ade4c27330e59a8a12
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
@infinitY1234
Targets
-
-
Target
order 3926-Data list31072020_pfi3.exe
-
Size
709KB
-
MD5
4ed1b57b86dd27f7dd4ca79718be512e
-
SHA1
6a653d51b733d7da24390759240145e422ea07b3
-
SHA256
0e259671cbd2d052be8f668fc53c67a0407ea7fd730d880ca60f7f1a94bea34f
-
SHA512
523ad03b25d46af415e8f87b18a85b25c2713176fc81f2011ecc63de8ac4fb6b05edec6c6b1b2d1931271e769fada9c6d4600ebd67afcd215a70ccfd2682ef06
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-