General
-
Target
e027d468795ab5748de7bbb798ea33ddd356023120d17acee184a30488828188
-
Size
542KB
-
Sample
220520-3nwdwscbdl
-
MD5
cdd46c6d1eb69c12dcd68273820f5aa5
-
SHA1
8034396de063ef661f7987dc122decfdf03019c2
-
SHA256
e027d468795ab5748de7bbb798ea33ddd356023120d17acee184a30488828188
-
SHA512
b62b05a522eef4281d8af8f1bb395068830b179f08a5b49931e6fcc4d8802d2dd278279b71859d7d0220fc8cb66a65f7741c9b478a1c15f724dae4ac3f03a5be
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.epaindemgroup.com - Port:
587 - Username:
[email protected] - Password:
}bf9e+EW5s$k
Targets
-
-
Target
Remittance advice.exe
-
Size
702KB
-
MD5
736d97bf30323f0b3384c41fe0ddbea8
-
SHA1
17ef4b46c3ee13339897a723403c36da848358a9
-
SHA256
6f2ed9ee33724651d7fb52edc4dbb3bfde3c19ca12cf5e990952d392305d1c20
-
SHA512
12ccf84d6a933818cd600b6c0c7f3b91eb0198058c7c5eb90431694d39d5134cb760e74b50d3211dd202a7df93af2412222ad062e763f39e0891aa7b20965156
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-