General
-
Target
5f3e0b955a3680e22ead8dedddb983423d908c17e93b0ed5cc2c81be1d5fa2cf
-
Size
501KB
-
Sample
220521-arelbsdfaj
-
MD5
dd01195c2b884cce810d652573730410
-
SHA1
3560d3ead17492ad5ef0652d37da520c43cc2fff
-
SHA256
5f3e0b955a3680e22ead8dedddb983423d908c17e93b0ed5cc2c81be1d5fa2cf
-
SHA512
1d6be75f3ede0d5cdc91cb17bca15130a83e30a21f754b7e2f15fad4e2cc7e1fa4c9314b80b2a4f4eb0c85bc0f315f4fcad352bf15cc6b5b13111430c8d04b36
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.dachanq.cc - Port:
587 - Username:
[email protected] - Password:
MKNXoqR2
Targets
-
-
Target
返回提示_ 28072020 _ [REF0000360261].exe
-
Size
865KB
-
MD5
c8deca22ffcce8d8e91978fe284304d7
-
SHA1
535251259839619cbfc57ad5b36ce4690492ecc8
-
SHA256
1fafadae2db218051fb1b353ac4682f0b5fc71e757c3fe094315a7127e94a091
-
SHA512
9c4755884148a336871b5c9819ff2bcf662c61ddd2d17c6c86f937bde11e7a993227b52cb79f3c3ba0f628bdbd6a248b1725f3fe088f2e4a968b37b119f27fde
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-