General
-
Target
a7d596f3e0ad4965d39552998f6eccffb7aa7533a1ff3c2614936864509c9a62
-
Size
593KB
-
Sample
220520-3186hscgbj
-
MD5
6fc35c164f2b604586e90feea0303a44
-
SHA1
2535df154d5d3750d57b956d21bd51b7c1fa9e70
-
SHA256
a7d596f3e0ad4965d39552998f6eccffb7aa7533a1ff3c2614936864509c9a62
-
SHA512
b44cd97a920a236f99c49014676e64d4fbc776f89a4a4373e5aa8735acd0e68724b83410c9c763b8f72c4d8c8d2667615df8cb34937b37f5e692d5c340277b8d
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.flsrnidth.com - Port:
587 - Username:
[email protected] - Password:
x{Op,7(4O+yl
Targets
-
-
Target
a7d596f3e0ad4965d39552998f6eccffb7aa7533a1ff3c2614936864509c9a62
-
Size
593KB
-
MD5
6fc35c164f2b604586e90feea0303a44
-
SHA1
2535df154d5d3750d57b956d21bd51b7c1fa9e70
-
SHA256
a7d596f3e0ad4965d39552998f6eccffb7aa7533a1ff3c2614936864509c9a62
-
SHA512
b44cd97a920a236f99c49014676e64d4fbc776f89a4a4373e5aa8735acd0e68724b83410c9c763b8f72c4d8c8d2667615df8cb34937b37f5e692d5c340277b8d
Score1/10 -
-
-
Target
NEW RFQ.exe
-
Size
760KB
-
MD5
dac1de5239180e2069ab67c8a8e7c44b
-
SHA1
0d1400e85febc34131236e94aff353ff681be293
-
SHA256
49700ee70d04597630dacefa2203c0f12f412ece9a93ffdb09ab18e5cce00524
-
SHA512
5d23cc399dfb610b596f8c10065ff45f2d6e4d382325539abbd3566f4211ef305f231a68c762c484681a785d0d1e0384775e990b8e8e1f44ba240724eaa7b392
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-