General
-
Target
74e5ddb3028e7a262d6c7a07e5e55eed24c0a58207a33d4ae6222a408943853a
-
Size
473KB
-
Sample
220520-3ex65agge3
-
MD5
a88f1d8fc83b0ff7cdf8b267856369a3
-
SHA1
38d46f397cf639966d328a2a54a95c9df9ef6e93
-
SHA256
74e5ddb3028e7a262d6c7a07e5e55eed24c0a58207a33d4ae6222a408943853a
-
SHA512
58c35eee3db7b49bd3d514a43f2b89c12d2642b17e90a9da5ca73411b3b9e63175c1e5690d7bf73118146491e122ae9999f0f4eace683b5e312b22a1cc6adba3
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.pharco--corp.com - Port:
587 - Username:
[email protected] - Password:
tHKfMRa2
Targets
-
-
Target
Solicitud de cotización.exe
-
Size
679KB
-
MD5
6bf9ede7464a7cd8953482ee223518a4
-
SHA1
7cf5d0eb015caf6cb1770f2599214b9dcce5f218
-
SHA256
3e5980130a71380ae74f8c78adef222ec9f8461dcb67093ebef493cfc984c64d
-
SHA512
2c34e519a148cf76203a9bebdb4a698df69360f406c234a706e5e83d35e6b37c848b68e2651b503af545fb29eabf5a491b93e92d0d42bb27eae8ebe5a8144f02
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-