General
-
Target
daf04e29c9a5704348a73065d5bb4cce6214a19e9dd651c67c76f368f5475ae2
-
Size
732KB
-
Sample
220520-3pv5hscbgr
-
MD5
e08837de5707d57d40af268bf28988e5
-
SHA1
38e72e52b0d1f08626b60e8f333128a8607410aa
-
SHA256
daf04e29c9a5704348a73065d5bb4cce6214a19e9dd651c67c76f368f5475ae2
-
SHA512
9dd642edaafdb241d451f0ca068b957c95f3da7f676fc0405df478ba4864f0b3d5b80d482b60a46a5f119a231c4a57964d27c173f9132cebb9167f4ff580afd0
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
71c7eb1f8ba
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
71c7eb1f8ba
Targets
-
-
Target
ANNA MARRA HUANGHUA PDA.exe
-
Size
1.1MB
-
MD5
c7ec791a102fe6f3b690ea5a119a1fe0
-
SHA1
ff661cd67b47c404fd57331e13c1bad7e9def44a
-
SHA256
9a1a0e1fd423407236adbcec0cb74fa7626215f1b91accc4b9e8aa2f269ff315
-
SHA512
40970ce2cef04178e869341c8f5b8e6c998ab1d6e40fdf1336a4e86ece5b937ca516c4bd1dcfd1fb7e3cdae265b5c47b043e4dd8e10ef23e8749fdd1001a6d72
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-