General
-
Target
a5f2d3dc12d30501895c104f20423c41c49a824021cd005ffde6f9f3ee553215
-
Size
530KB
-
Sample
220521-aahlnahhd7
-
MD5
d6ec06842d9522491237d3ad201e34df
-
SHA1
f92f0923c9970a37e5cd694828c2863a19b974a0
-
SHA256
a5f2d3dc12d30501895c104f20423c41c49a824021cd005ffde6f9f3ee553215
-
SHA512
86dae97d4d87a29fec1fc35e76857b28dc48b90945498decdf064f7b4f60507e988a9cb636cf4b3c5f5468501e3eeeb006fc473e0b65f5875d50b8fd6a157a72
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
sages101
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
sages101
Targets
-
-
Target
BL-Draft Copy-536834.exe
-
Size
691KB
-
MD5
18a0d2e7127c6c01e71c859027b2f62c
-
SHA1
d38758b0e2fc8d9079528e3bff79400f302afe18
-
SHA256
109c1e14f18b4021461c5f39e695edc2f20d79494dd26da41c11f1d4ebb6c88f
-
SHA512
57fc95f366417b3e4b6cd388aa82764dd505ae0f8ef1b11fc04ff02aaca21edcaf1e3e72e4710ea6d510de02cc22190bc2dd33a465ddd4d428629ff364d993e2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-