General
-
Target
e1c09fe2356bac1d7cde4c8bcacbc419a50103c8c9f570aebd6e523c675048eb
-
Size
374KB
-
Sample
220520-3ng69shbh2
-
MD5
f59cc32e8d6581d0b682fa598d91f96c
-
SHA1
f5966674f1542d19f2ef1cdf57d85a22dc54cdc7
-
SHA256
e1c09fe2356bac1d7cde4c8bcacbc419a50103c8c9f570aebd6e523c675048eb
-
SHA512
03787af1b4ef310acd8a3b8ad862e759ae7f7a3d2b68ec6ea4ba84376bdfcf5ea1bbe4e65e4a5c42562ca0191356f2a82c46dd2d84ab128807b8a30673bf112f
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
princehero1234
Targets
-
-
Target
169346302-55937SANWVDDNETP0034-5.pdf.exe
-
Size
424KB
-
MD5
e01f5776aa3be9d844ec4803cd65938c
-
SHA1
ae92877c6a7c20fc4ebdc09ad19fbb35ad8736ca
-
SHA256
2882b139e0141c58c5bf477d9f73e1f1ac336f701c7c1ff312d23d966e73b732
-
SHA512
9efb88ee5d373e651292dac7ac78f8234228dba2dcd4b9b9f7b1eb00ee461c4247ce0f00c1c745d92927be8e99862f2e6fb8015c534cbf4066f931e69ad99d22
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-