General
-
Target
d134fc4cd41df64a1aaf5f1498463888cd6ed8e9a13ba5dfaee5a42f61726d0e
-
Size
470KB
-
Sample
220520-3r7lbshdf7
-
MD5
6b56e3c2fab64a44d14e3803977264be
-
SHA1
71f1961963b98a67f387859c64d34f2b93fa7f3f
-
SHA256
d134fc4cd41df64a1aaf5f1498463888cd6ed8e9a13ba5dfaee5a42f61726d0e
-
SHA512
4fe58195ff9fe377a6f331dfc8bc340480ab9ee716ecb8c0ffad8a8079ced19325721ea315165580606fd09e95ffd36bdcf09004aba9255be2e890e6d15717ab
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.albaniandailynews.com - Port:
587 - Username:
[email protected] - Password:
125875.jUkT
Extracted
Protocol: smtp- Host:
mail.albaniandailynews.com - Port:
587 - Username:
[email protected] - Password:
125875.jUkT
Targets
-
-
Target
Invoice.exe
-
Size
548KB
-
MD5
6d0107457500e7cdcc1fd9fafc72310d
-
SHA1
cf6ab74502bc3ab503106dd2c294f71a744acbee
-
SHA256
44301664a4fb5c224f1b6f29a6fb87496874599032c8ec0f093f9a4be5b94612
-
SHA512
34cac6058ba06e32315fa1e200bfa4d77b12fcce3ffe4727faaf9fd4ea6f63d3932f785d0219bb8c746d8b8b60fa7b8c3f73fa6b77cc0b5500968331b49bee15
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-