General
-
Target
a86b3e0f1e9a2b6041c70b059ebc2ca72b2dbe107ebca835225da4bc430e3f8a
-
Size
603KB
-
Sample
220520-315hbshhc6
-
MD5
12ff7e8c828687a0491712960208fb75
-
SHA1
050447aac5b0bd17555eae969114f6c81dca95c2
-
SHA256
a86b3e0f1e9a2b6041c70b059ebc2ca72b2dbe107ebca835225da4bc430e3f8a
-
SHA512
3100ed5d9732fda2634408cb0dc4ca2d531c9572b248638206e6c00ab337d5926173a051fe7a3411f0f7ae0eb97abf7cf407f58fb075496639b6abee30782498
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
^#@&^54433333
Targets
-
-
Target
AWB & Invoice -TNT Shipment.exe
-
Size
772KB
-
MD5
e4a5d743052e9e0c567269b98edda3b9
-
SHA1
cebdbcdcac76701fa99761930e8c80c21d03059e
-
SHA256
d68a3fdd922868d3886be6c90f18cf232a0051b68f8232f67743e5b8df0ee914
-
SHA512
5eb13cf59fd28235f23c0ccef7ce33db109daaadc9d7f6c3f81ba3891f7fe48193bf5119f11db1e637492eaf5567b67fcb4d87600981828024c30c2e75eaba35
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-