General
-
Target
704c9d765e672bed80e1f569c90ac252672e596514cf121c25527b2a246058ae
-
Size
449KB
-
Sample
220521-amt58addej
-
MD5
c6b4ae07bc64e7fa6d69cd4a1ae7ac9b
-
SHA1
d35385d3654bf56a3f74420f42b4a8f998167544
-
SHA256
704c9d765e672bed80e1f569c90ac252672e596514cf121c25527b2a246058ae
-
SHA512
039905ba3fdc22be77fe8c102604014c41cf7913aa779a1db2edbb64d66e10dcf384e49e5982bc3b68d2130cee48b6296d0f88f47f4ed912483ba5ae20bb7d85
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.moorefundz.com - Port:
587 - Username:
[email protected] - Password:
g7g2Ig?Aeh_+
Targets
-
-
Target
TDS 027654404_pdf.exe
-
Size
565KB
-
MD5
a3d7a51555ed01cb495acce9f4a613c9
-
SHA1
8d566ea5fb0c3f257cfc8db7ae49200c1905b42c
-
SHA256
90668f8cc6f2af3378b032957f3941e7100560a57529df859e13f92eb91a561c
-
SHA512
2ae6bb08c66fe1014bb6590c58fd9e7c7bb97acb5e5880d170f0295c880922797b1ba20bf046c152eb20e51378f624ff9f3ad6f21c1820f26d309006f9448f6a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-