General
-
Target
cc5cb1fc100eaf26330621b11d04e6ec52e2611e6fab832f6c52d325f9b19c50
-
Size
694KB
-
Sample
220520-3s3nrshea9
-
MD5
2ea3c6475069d45d561da17ffeb5d9dc
-
SHA1
b0879e5f15f3dcdf000726d7ab025237281e32da
-
SHA256
cc5cb1fc100eaf26330621b11d04e6ec52e2611e6fab832f6c52d325f9b19c50
-
SHA512
840b438b717b1971e3b65455f10fc0cf8f6be523fbdf1b0a315a01c649dc7afa78ed1d76fae1a21df28c9cdd0edb92776af62f4f0a15b0796dd7fba1664e9758
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tolipgoldenplaza.com - Port:
587 - Username:
[email protected] - Password:
Golden@#$2019
Extracted
Protocol: smtp- Host:
mail.tolipgoldenplaza.com - Port:
587 - Username:
[email protected] - Password:
Golden@#$2019
Targets
-
-
Target
ORD00086120 Salewa.exe
-
Size
878KB
-
MD5
77c773f719611dc391fff847c002d58e
-
SHA1
dd6df0502755ae6b30d258189997cf3e288593bd
-
SHA256
20b7e7bc13a175206c6c039377366f1755c961d371bd3131d8d03ba4d4e52ea6
-
SHA512
1af02a1ad9f9d111c8f48799065dd5d2c5a587b4bf0817523379b85924867ca5944921f6ed5292f8b387514aafd2614d66726526655a833283bfbeaecc679b5a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-