General
-
Target
b7c38782cc83c5dbc4216b59934a87c7a4684ac9d24e3f1074201ef819c6e3df
-
Size
548KB
-
Sample
220520-3ahkwagec8
-
MD5
8b55c98c9b19ed642e8c640c099d7600
-
SHA1
ce989e474c433e50eea3fb2ad43689b14a197afe
-
SHA256
b7c38782cc83c5dbc4216b59934a87c7a4684ac9d24e3f1074201ef819c6e3df
-
SHA512
2dd4e0b037798cc4a499147f8e841e1e49038c3f9f7701eedf09dd31d3a40f2dcd209bab6684cca8d4783d376bb2aa54e8ec877057c676d4ea3b5f858319b897
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.solarcenter.ro/ - Port:
21 - Username:
[email protected] - Password:
G,*C8w!FpT6vRSv%AL{k~wATNN@ossyguru@00998877;,,z_sFo6BO5
Protocol: ftp- Host:
ftp://ftp.solarcenter.ro/ - Port:
21 - Username:
[email protected] - Password:
G,*C8w!FpT6vRSv%AL{k~wATNN@ossyguru@00998877;,,z_sFo6BO5
Extracted
Protocol: ftp- Host:
ftp.solarcenter.ro - Port:
21 - Username:
[email protected] - Password:
G,*C8w!FpT6vRSv%AL{k~wATNN@ossyguru@00998877;,,z_sFo6BO5
Targets
-
-
Target
FACTURA_FISCALA-RO81061402-6403840980PDF.exe
-
Size
487KB
-
MD5
7de189acc12e343f3537bb9a2312b998
-
SHA1
85394be62d5140f6826c5182ec1f6ab9e1ad15cf
-
SHA256
27088cf834d140f690c686ff02816becbf8a6ca3d329c53a3957bcb78514b736
-
SHA512
5f00f191865f6d95e29d443a7c1a45a3cce2e2bc95ba118b833c6af90a49b5d3eef738d4d823566204223c81fda1023b28eca6d26ace28ec9782528dfabec50a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-