General
-
Target
e054cea40c372cf6dd7e74fe10187d0baeb8158fb2ef74560ac6b43f5ad1caa9
-
Size
468KB
-
Sample
220520-3ntv3ahca9
-
MD5
f0aafc8a39b47b86c342836015b284cd
-
SHA1
bd45a6b98e843f5f917ce1577008df9c0a52292a
-
SHA256
e054cea40c372cf6dd7e74fe10187d0baeb8158fb2ef74560ac6b43f5ad1caa9
-
SHA512
1d4d084fa289c26262c765600392f64fd7b6cdfbeac953f79ca15f7235fa2f6d7665e59e324e5164a20388da92557731a7d79f30aa38e63451623b073ae80c62
Malware Config
Extracted
Protocol: smtp- Host:
Smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
Alibaba1
Targets
-
-
Target
Heathfield & Co - Account on stop.exe
-
Size
718KB
-
MD5
1815b01b7ce2d654e73f9d3d8ee3cfc1
-
SHA1
85e70558bbbb4da84e726c008e031321d6ff889c
-
SHA256
8fb8a337b94a64f00007322440c49dbcb8cc3f16c719cba78094812e487b5e95
-
SHA512
b42784d918daf908c8c712c429aa82cd510998be1b431fa2b0a0c6cd135dfad912e488a839550241fe95d40412b5ecde06feff1dc330a096df84b67eb60cfe34
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-