General
-
Target
f851ef56bdbf47bd652a2cf5604da9fc1675e7d34256357866234531464d9cc8
-
Size
380KB
-
Sample
220520-3jh8rsbhep
-
MD5
1141c64f9d62b3270c48670a458bda1e
-
SHA1
58767319a14e6aae5d1f6963d870b2e2cd8e6e0b
-
SHA256
f851ef56bdbf47bd652a2cf5604da9fc1675e7d34256357866234531464d9cc8
-
SHA512
9a156c3f51f5179993ae6ff61938fb56591eb3bd040636326970f1bce1335b8b198b9411c4dbad69e7d4f8a092e3c7bd864b197b27443fbf003ee84c73e6a1b0
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.moorefundz.com - Port:
587 - Username:
[email protected] - Password:
g7g2Ig?Aeh_+
Targets
-
-
Target
PO#45302925_doc.exe
-
Size
481KB
-
MD5
dc214cfdb580a61d884ae8e13d3badf4
-
SHA1
c12371c21be0bca42e236c954b0c5e9f5163fd25
-
SHA256
6f80781abdf53463e9829499b179a5ad25b99bfe37dadf4ee69deada26efd113
-
SHA512
cbb4ff0c2558de341902aed929dc1de75d655f59dfb794932c86fcf8736fcbf375079e783b39e1f7de1b74d9c40934f8d56618078520771bdf4dae87e8f954cd
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-