General
-
Target
694371bf3700fb008fe28072840783b358be559f28d181c1fbdeacccc5463ebf
-
Size
448KB
-
Sample
220521-an9masaeg2
-
MD5
76c22c85e647f5bec6d40b6d24eaa40c
-
SHA1
60d9dec3fef3fe5cf335bb213d7deb838e7dbfaf
-
SHA256
694371bf3700fb008fe28072840783b358be559f28d181c1fbdeacccc5463ebf
-
SHA512
4a4f0a5b7a956b0c022db74a17c67d85eb6e4fcc54e3941e7a1a31dc7f217eb52c9fb890464f0c345815a7ef5a8bfc975243d5d8a9a960077135b312a6d07775
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
ikem123456789
Targets
-
-
Target
04572922256.exe
-
Size
566KB
-
MD5
d9884be702d8fe60ac077b968d3cae30
-
SHA1
ab45d8ac74c5ff719c54bafcd8459f2f1d1be0a8
-
SHA256
1d14146ac003de2500950e2c52878e7c8866b107c0de95aaceee7e08d596acd7
-
SHA512
725f4fde1a5533eddfd3c4c0d3272a74dfaef25db25b8ae05a1e7e78955121bfe94a06c4d31e1e4d70dae9db8e1ce7465e3bd423999b622a0f2c487bc7574c97
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-