General
-
Target
59faf10d5580c7168d065c380479babec15a5854ccad5228ae9b6d2f51e831f5
-
Size
462KB
-
Sample
220521-asggbadffk
-
MD5
044bb177eaeb59a1b3250ff0a356fae4
-
SHA1
9320615c2b0e4a4f564640fa1fc06892ad46f24c
-
SHA256
59faf10d5580c7168d065c380479babec15a5854ccad5228ae9b6d2f51e831f5
-
SHA512
9661f2905bed7ec8b3dfd9f99b2c8013e71d3b02a08467b46305475b36daa7f1ba2b4923e6078dd1e9e54d8ffebbc575dd9c3584dac67083ef55819a832a2b67
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.pharco--corp.com - Port:
587 - Username:
[email protected] - Password:
tHKfMRa2
Targets
-
-
Target
dhl_doc7348255141.exe
-
Size
567KB
-
MD5
ae7ba206e16396ee1367922616c5d2f5
-
SHA1
e6382d36326fbcb32715992b89c207e4ef0e5fe9
-
SHA256
dfeb4e7e2a1a0fd599e6196bd91b89ec266e34f92ecb18f4700abcffad014bbe
-
SHA512
3e17b40904161212f87e1d9585fe6cecd70902844ab2400d0210610492c5eaa831a65d0d2f53aea0203b1778b4a898d75f1c2a3becfd4def3d5cf70ace4e992c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-