General
-
Target
63d17dc1a1bb8077d152dc6d964d26e9916bd0322312b9a4ba639c262ae4d32b
-
Size
462KB
-
Sample
220521-aqdbwadeej
-
MD5
1f7d2338a3f1801eec565f7adf13a7d3
-
SHA1
706a2b28db980b34d6ed70bf644371c0322ea63d
-
SHA256
63d17dc1a1bb8077d152dc6d964d26e9916bd0322312b9a4ba639c262ae4d32b
-
SHA512
2d2ae7242587ccc227c3dedc51a61413c596a2d576d3c0fefe22ebc8cfab05bf05419dceb87cd512df31fac14c57a4e3b265ca3c986f99bed8c6568788eb0b3e
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.asianhandicraftsexports.com - Port:
587 - Username:
[email protected] - Password:
@@##$$123456
Targets
-
-
Target
NEW PURCHASE ORDER.pdf.exe
-
Size
678KB
-
MD5
8b95b098f130f7e9949a8aa8a6fd6411
-
SHA1
44146452e69cf94acc5bc6f50b05dda94addd46d
-
SHA256
f7cc49578ee37fdedcfb8c54148c0357c7d480bf909d9ffcc6c9a6abcb193310
-
SHA512
e80656f1ab1a7fbe1fe3272f033171c2e29d57ea9ba8e7fdea78b010ef359dfb72e276868e26806a072ce5f3a8154ceff65ac951382622f1c0e3e1ef48608ab2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-