General
-
Target
f9b80304746e3ed70ec58bf5da220d1d45271333c8516cfb4475196d4e6848ec
-
Size
576KB
-
Sample
220520-3h127abhcm
-
MD5
f356aa11717392c5027041afced30464
-
SHA1
6566915998d66be2b084125b0b4a44929319c4bc
-
SHA256
f9b80304746e3ed70ec58bf5da220d1d45271333c8516cfb4475196d4e6848ec
-
SHA512
5ed2bdbdf8f5fdeb70942bc1ea8a29184f9f0f23179aceede4c382debdda28a68d68ce257854258495a2bbb67f43673c6431cc5f092f7703c991d3b2ac31ebcd
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ashpraskills.com - Port:
587 - Username:
[email protected] - Password:
TC041018$4321
Extracted
Protocol: smtp- Host:
mail.ashpraskills.com - Port:
587 - Username:
[email protected] - Password:
TC041018$4321
Targets
-
-
Target
E410B98888.exe
-
Size
1.7MB
-
MD5
4fb67120185f1f35a4ee966dd8673eb7
-
SHA1
563837b69516b71eaf64d5bcedf014adbbc45f07
-
SHA256
184f804223ad564aad94a727a9d58543e2d01a308902c95eb328016739938a90
-
SHA512
974c0a2e1f41ea34b29fed609ab9765d6d2c5e352263c367078373be1bd9d8a6032cf75e8b0ebf88de6af90df8cc9154a8a1182a43d4804b0bfaeb83adfa3c75
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
AgentTesla Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-