General
-
Target
2162a85980400b26f7de11d3ce7c2d7a3bbde29a59932b671fcc3b3037ed668e
-
Size
1.2MB
-
Sample
220520-2z6tbsbcfj
-
MD5
f5afd0b789a9bbb58c51eec773c6eebc
-
SHA1
aefc1d9124c1d5183f9dd184b0a0a9f5dad33790
-
SHA256
2162a85980400b26f7de11d3ce7c2d7a3bbde29a59932b671fcc3b3037ed668e
-
SHA512
d1004d37438a960b6fe52e4e4c10d209a097dbfd4ace72818d1a7e2027fdff9decbc6d197a3fb529ce9b920f477765cd8f302d90a3039bd3a12929322cb23008
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
@damienzy.xyz2240
Targets
-
-
Target
datasheet.exe
-
Size
1.7MB
-
MD5
648d11208985f3b9139fbbb9fa780222
-
SHA1
643756d113aee3eb277f41b2c8d8990b16e726e6
-
SHA256
a596fdfb8997f081dd7674b248d02518f1052fe4b1c384a050f6a82b65816311
-
SHA512
f17d1b14545b99981ad1639d3f30d22b589902533d811a283a32a6deb6f6371114137d2a2e52c5aec325f23f1acd6990e3e6c67413b2a319d5d2bb3f6fe09211
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-