General
-
Target
f73da6e3ca78978da4a315c102339cefba62472edb4b1b5a2b29510c2427e02a
-
Size
449KB
-
Sample
220520-3jwh4abhfp
-
MD5
8750fb59e9ed37c8475a12b398c42b7a
-
SHA1
787099c1c516b9ca0618c6486e73c9d45c034ac8
-
SHA256
f73da6e3ca78978da4a315c102339cefba62472edb4b1b5a2b29510c2427e02a
-
SHA512
e1988e2fb453bf04c030d9a463e1814bfc078c64208bfeb33569db9889ac77570f2ba7f0e8631003537bf29d8140b0a73c3a05455132199065fd2e232f2e57bf
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
Sages101*
Targets
-
-
Target
Quote-DOC-20200806-55839.exe
-
Size
564KB
-
MD5
f9617d7804908aefd57a0280c939a163
-
SHA1
269c52ce62c163d10e7546453e0bdbc0f4b583cf
-
SHA256
1af904f409da269f6ce7e53090ec6ab8420a88e2dc8a0ecfbd2d59884b486e62
-
SHA512
98834144c44a23b896b846342eed4a4ecc05ba6a52b4cf35c30f1f332fa4cb2cac9ffeb104b824c41b721448a33fe317e2a3b3d3e7ebbceabe5aedd9cca0d415
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-