General
-
Target
deef496f57a8d9c8c294f0e4f4560b4d238fb7e59b99322fd2bee779b36084b7
-
Size
373KB
-
Sample
220520-2vq73sbafk
-
MD5
9ea6b5f1a3a7e97aa7ed6df4c725e9e1
-
SHA1
5858db1047119ab456a6ff19509d2f0f14afe08f
-
SHA256
deef496f57a8d9c8c294f0e4f4560b4d238fb7e59b99322fd2bee779b36084b7
-
SHA512
ae1767d9b932e9634a2a8536265438e181790c5fe25a6d0a092d0b2901fb0e6840100948fd258fbe5472ce33cb388eeefbbc712575086f674216eb4c91d29179
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.anding-tw.com - Port:
587 - Username:
[email protected] - Password:
7#Sjsj*ebT+2
Targets
-
-
Target
DHL Shipping Documents-20200617_pdf.exe
-
Size
415KB
-
MD5
dba65ad1850216a9949557b91bbe1429
-
SHA1
d0b8be24ab6d8a6ef1e43649cabe35382bebaf59
-
SHA256
c61412d8a6372353d4da626371fb6cd566e503ef4fb23640d4a40cc9a46ed003
-
SHA512
5b5a61fca620e8cfdfbee2465619b26def2c58d68f09faee9ec7b701c7766edc08652d7f70ab3ef0368faa520a2b71757080f3a1fff2d520dcb9153516a638d3
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-