General
-
Target
a7fa3a332ea7d186f362474a24327f73dc4ec9c7f5c8d1fecabc36727c2bbc98
-
Size
396KB
-
Sample
220520-3bxq7agfa6
-
MD5
2ac3417fd2c998851570b68cf282a53f
-
SHA1
66892cac7301f2c6fd994eecf90b544f93227ef0
-
SHA256
a7fa3a332ea7d186f362474a24327f73dc4ec9c7f5c8d1fecabc36727c2bbc98
-
SHA512
e66fe46166decf68c1114f51033db6d4f445b547de9e7b9018438fc828abeacf9779f337a45b15ea1f2da1cd3ca88f0556a7765db50421e2cfa084b62c9dc6f9
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.amexworldwide.com - Port:
587 - Username:
[email protected] - Password:
sujit@41#
Extracted
Protocol: smtp- Host:
mail.amexworldwide.com - Port:
587 - Username:
[email protected] - Password:
sujit@41#
Targets
-
-
Target
SOA.exe
-
Size
462KB
-
MD5
91d797b03dd08752add8475a1cbd923d
-
SHA1
5843287d4696cf93e64e3952f959fade0993c0bb
-
SHA256
1c19bcd64c39ebeb4cee087e27d049e032b7c26999edac7fc45372d5717d262c
-
SHA512
2739fb2181e7e04a58625b41f1f7dc2414de7283109e8646a522ef6ffc372a5cf92f62cc4c884246aba70825fd07623e0dab44d21dcaabdec0c26c9980b2d7b4
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-