General
-
Target
47ba010df5c2847c8b9fd0f99902aa8b68bf4ed07222477f0a39b0e21644a8c2
-
Size
462KB
-
Sample
220521-aw6klsdhdp
-
MD5
c2a155c72ee9ed004a5b15021d5567c8
-
SHA1
81b137c2002db216a23c5dfeb9bb42b7ee6f650f
-
SHA256
47ba010df5c2847c8b9fd0f99902aa8b68bf4ed07222477f0a39b0e21644a8c2
-
SHA512
777a5edb38f3c64c4c61e8de41f4fe1ded607dc879b55c91611c06239310fa28f11b87ad89597a3f08513d9c9389da04653fe52d1770e8e1c3e08ecaf3cba4ca
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.erneralduae.com - Port:
587 - Username:
[email protected] - Password:
nEV!EZo2
Targets
-
-
Target
satın alma emri_PDF_______________________________________________.exe
-
Size
569KB
-
MD5
41c521c50f1f58394244769d49873d83
-
SHA1
957cbb10c57fef3e43b901ba17ef3ec6d36fd730
-
SHA256
4cf9aa6df9472ddba54a9104d6d559229da3796b96a8dcd2a9ed52873f7359e5
-
SHA512
616c961552e2b7c5d84b297ede86738c0b205348880fc3896e64911fe22131b22ebe5fc42d50c0974b8927e589e9df6844326250f2261fa32ed2c83f33a45247
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-