General
-
Target
d2d824ccfcd9b4d692888e14b299c48ed8b6b45c8788975142a1537e9ed59714
-
Size
439KB
-
Sample
220520-3rm7pahdd7
-
MD5
8a5822d6872f74b007dc8d04ee166fd4
-
SHA1
f29b1e2c6d5605d84aef1d6aaa8b0273b70734e0
-
SHA256
d2d824ccfcd9b4d692888e14b299c48ed8b6b45c8788975142a1537e9ed59714
-
SHA512
7b0e498fc145dd9d531e237ff10307d31691ed47e0ccb860e83e17dab23978b8fefb29a51cca9f76f882d595277958c69a176a10ef6ef96b6ecb0a5569a1020d
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
jose2130
Targets
-
-
Target
169287394-75414-SANWVDDNETP0034-3.pdf.exe
-
Size
620KB
-
MD5
e7039a6bab57769e5d31dd8f6b205942
-
SHA1
6bdbe09b0ef07742e30efe017c87989b21c46266
-
SHA256
3495ebe6b428bddfa71646ed4e09f1f707d7b8a512549841c96d88bc03f328db
-
SHA512
66ca67f015f556349f6ffceda23bf3a4a6696fb0c70bdb35baa5b66c7fe183ea37b1d730b0460a14026b18f65ddff1a3dada737c3921989ec96cbfc3117b814a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-