General
-
Target
6462300ed4c41da33463ce115ed10a1d71f0f40506f042b3dcf471a6ff8a4faf
-
Size
1.2MB
-
Sample
220521-ap8rdsdedm
-
MD5
0f5a21734ce0fe010f92f886f362c5a2
-
SHA1
977d555d95ee02ccd0c10a674d974584c67e3acb
-
SHA256
6462300ed4c41da33463ce115ed10a1d71f0f40506f042b3dcf471a6ff8a4faf
-
SHA512
5f96166eeedd948861fce9570b9ea568fa32f3a269739589dff1e70c1ad81ca3ac462ce90d68a24dc916d9df2e49d9398ff32ad9d217c466f68f0e2be809c6c2
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.kimberleygroupbd.com - Port:
587 - Username:
[email protected] - Password:
QDx{5M]}9]-J
Extracted
Protocol: smtp- Host:
mail.kimberleygroupbd.com - Port:
587 - Username:
[email protected] - Password:
QDx{5M]}9]-J
Targets
-
-
Target
SHIPPING.EXE
-
Size
489KB
-
MD5
15d0922c4b04c5758d67ecb395c34537
-
SHA1
d66d9e84b61c1e4618194ea2249675badbadf184
-
SHA256
d68825e2bf5cf3d4bf06e37a527d80169551d51b8a41b5459997d5dfad858ff6
-
SHA512
dd83cc2d089c363954f5bad92a1d09db45c5e7abc3f9afbd11bc47b5c0cc7c4fcb4102d39929229990f5a7cf0a9fd2a0df5e9747aecca55f76584d7e64b860a0
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-