General
-
Target
d23706e0b22d5a51cb7973c8343db551b427baaccc7c0222416a9039ac85a7a2
-
Size
416KB
-
Sample
220520-3rvlrshde4
-
MD5
b1ddf8c9110d3af031421151f027aad7
-
SHA1
9440c648c4613377ff3ce7bb1800cee4d7144102
-
SHA256
d23706e0b22d5a51cb7973c8343db551b427baaccc7c0222416a9039ac85a7a2
-
SHA512
efd4cd56a940a1ff869c7d2d63118b5f34339150203d7090e63d979cd2d892ebf18ff51011a81f42af932816ee9742bba013258c698841990dd92eaa69cc92e5
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.rajhibulid.com - Port:
587 - Username:
[email protected] - Password:
chuks0147
Targets
-
-
Target
payment advice.exe
-
Size
458KB
-
MD5
9a3578fcc5f1a7eb34775cf349fcab48
-
SHA1
5ca4483e86d077eaa6d18299dbcfb156d3abc98b
-
SHA256
c7f5f7669d517c51c3d5417f309c365f7f0a8dccc9a205626caf345805c5f653
-
SHA512
6782bb274c37c14b9a522a2563edf8fe894f5e6190de4f70dfacdaf2601e75eb506fb28f31861324677233253df12c6e5e8f55e2ce5e4abf3a203884d6cddcb8
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-