General
-
Target
82b8f646380c1a4bc10d74fd5db58877cb2ff852d5ee222ffd9ea1635dbe123c
-
Size
481KB
-
Sample
220521-ah9p4sdbgq
-
MD5
06721b63ce34c35c8046ce63b987470e
-
SHA1
529aa64ed2082e808c1adecd6e8ad56d2c5298d2
-
SHA256
82b8f646380c1a4bc10d74fd5db58877cb2ff852d5ee222ffd9ea1635dbe123c
-
SHA512
4e00fbafa627e17e4fb58529e83024d3c4e86f1108e6b9ad6215275bd865d16bbdc1bd70df333a65d831fd93d0eecfc24bef76daf1fa9e9261295df31e124cdb
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.lacore.ee - Port:
587 - Username:
[email protected] - Password:
MBla354X
Extracted
Protocol: smtp- Host:
mail.lacore.ee - Port:
587 - Username:
[email protected] - Password:
MBla354X
Targets
-
-
Target
PO_NX-L1-15-00001.exe
-
Size
601KB
-
MD5
dca1db416954bda2897bea5d0535f231
-
SHA1
a22b0c6d447687aa7651df0517149754cc373483
-
SHA256
8de5b231add82c95e720fb340206a50034e9ac1de1108977389538f37a5be45b
-
SHA512
333907a24af7465825a2caf91c011bc541ae16aea116dfd391ced9351469dad2fa2d2c82b920fd646aa65a9b245fd11b48305e07a2c719a8478994557e109386
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-