General
-
Target
509a3bac6e2a7761a36fac6352851006dd082db8183ef571a757a3a2001b8ca4
-
Size
551KB
-
Sample
220520-2y24rabbhn
-
MD5
246430088e3ac275ce0ad4bd5b252396
-
SHA1
3197935931dbc5617b793ecd11abf4b1031e800b
-
SHA256
509a3bac6e2a7761a36fac6352851006dd082db8183ef571a757a3a2001b8ca4
-
SHA512
9da0dab8e36c9466db0b9e56e59e6c17ba508faf3603d2e97c34dfcda3e5c7ec96b84763e9fcde3e917b9209d99a6f865a9eecdd5a50c131ece04ceb1df1420f
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.desmaindian.com - Port:
587 - Username:
[email protected] - Password:
vU}t$13*orkO
Targets
-
-
Target
MV ERLYNE.exe
-
Size
677KB
-
MD5
9456c0eeb4cea5cbc9e2586d8c06d617
-
SHA1
d0d5b49852338b29d345b53a36658a625937ea55
-
SHA256
39ee4970955c00558113be278502d7a8039fbc7fdfbc55e755dfdea14d4193c6
-
SHA512
a5365ddfb229b95e4102c9124ec3c78cd15272f236f07903d1c62ed08d6e0419ed14af1e12fac7a22e9bb17e9d11cabe67b56917092ed9c4e698fd2149c90255
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-