General
-
Target
b57c1d411983db6ccfd47d6d077b2062ff180e06465c7063499a337d340e7486
-
Size
544KB
-
Sample
220520-3ypdbscfaj
-
MD5
e01074b32dc3f0e129744ef87d0825aa
-
SHA1
b38420125c1f9aaa2c77dfe36d99570218e3ba36
-
SHA256
b57c1d411983db6ccfd47d6d077b2062ff180e06465c7063499a337d340e7486
-
SHA512
c49083bdb5da6f48c2ebf50f9b8c37b226d3614a6af6aa629c4ef1f2f7099ed43f0ab62ab00a5a10e9a8b465bb5d45febaeeb5125cb51d5a7d78c7444e45d0a7
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.trademaxperu.com - Port:
587 - Username:
[email protected] - Password:
icui4cu2@@
Extracted
Protocol: smtp- Host:
mail.trademaxperu.com - Port:
587 - Username:
[email protected] - Password:
icui4cu2@@
Targets
-
-
Target
Boleta de pago por transferencia bancaria USD_20,784.40.pdf.exe
-
Size
703KB
-
MD5
f7e4dc379ddd4b5270cb5ab2c3a87180
-
SHA1
0f1dabc652cfbff53b61b5bc1f90c116d5058e95
-
SHA256
fc83deb95f3429cec6679ff8d3ebdcc3ef8cf4944bf0b83dd4d84e5f664b000b
-
SHA512
4815a936eb0c2997ebb48baa29ebd7437ba47c5fdaf37da80e9c8d4d402a49aa31165e1ad1a22c50dae1f70fdc4cfd7e909de60160d5dee8c009ede193444197
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-