General
-
Target
bce68b9af206f0983ee98a6adfd4b57b00da98c69014c03cf89965164a9cd8aa
-
Size
463KB
-
Sample
220520-3w1nkshfd5
-
MD5
c78895b12d8c17f04d788ae7e670796b
-
SHA1
eaded7e208fe8310814826427b29d36f81608bc8
-
SHA256
bce68b9af206f0983ee98a6adfd4b57b00da98c69014c03cf89965164a9cd8aa
-
SHA512
ece990bc6209bda17cf815dfb2e60332657e585dda58ab6d9f942a02849a7b0da681ba921aafbc9706699deb1118061556c96f5bc1f2b16aab03cbc560cbde6c
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.pharco--corp.com - Port:
587 - Username:
[email protected] - Password:
tHKfMRa2
Targets
-
-
Target
Curriculum Vitae Veronica Medina.exe
-
Size
567KB
-
MD5
2cbbc7f83f53bf6b53e9f31d5466800d
-
SHA1
962fc24dff70fbefbcc7a910b306d52090a8304c
-
SHA256
30849faefd77a27d2e66bdd49bc0ef9309fab03f3457c482e23472fdea96b27a
-
SHA512
65ce700ca7af84fe5fbeff34e14e07c5b5ecfaf3a18e0264bac2f5bc4d0fc0f15d7b2c50828042940e97a00f925c025caf6d90d1aa1e3b47f0312b098b0e5666
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-