General
-
Target
77604552d9c830399f0a222341731296c9cc06226c0d343e080b19c5bea53cf2
-
Size
548KB
-
Sample
220521-alwmnaadf5
-
MD5
ef711398fa98c21391cba3e740846f88
-
SHA1
bb037d9af992dff089b05d5e9d7fd7e5613e67a6
-
SHA256
77604552d9c830399f0a222341731296c9cc06226c0d343e080b19c5bea53cf2
-
SHA512
5c2314885b81e3c4a134829f79258923e2c0c1115ffc2780b6eb4d8bc8341b8a88227d273b71aa9ca72b393f9174bda361db19797bdc38fc9236640b24a7086e
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.taiemerica.com - Port:
587 - Username:
[email protected] - Password:
JuCbr%o3
Targets
-
-
Target
Payment Proof.exe
-
Size
698KB
-
MD5
9abb6b056df5fd1948ed0008fa402705
-
SHA1
5a6316760d1fc70edac6b78335ba08683e581090
-
SHA256
23238fe2dfccd6e140916ab34d11a4b42b84f485e02c102c58b696a11bd3e453
-
SHA512
2b91484958d25d05d9d13bad98fa8cd9d3e4847cb5a219718d5adce9068e510949fe28b56597534ae638a2925d04bf387b81aa98f0914b6b5806cf7a121440d1
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-