General
-
Target
452465e6ae5ed95bac8429eb7517fd5591c872932a352f33932dec36308e7b51
-
Size
862KB
-
Sample
220521-b17txafhek
-
MD5
563a054d977f8ee963aa0eb4c5b065dc
-
SHA1
19bf467927d04c12e13f6a5a9aad03efcd1a4172
-
SHA256
452465e6ae5ed95bac8429eb7517fd5591c872932a352f33932dec36308e7b51
-
SHA512
31bcb93df227536c45742d26c69b103dc17cde280c349ebc65cd9af252acec732b76fa6739520f975cdbe47f8aa72785239902bffa16dcbf93c0791e686868f3
Malware Config
Targets
-
-
Target
bestelling0617_img.exe
-
Size
801KB
-
MD5
90cc17cfab3f7a33b6e75bc6d95af453
-
SHA1
2db5b5fe345cdc5b508880c1559706640c83009a
-
SHA256
c05f2597d7eefa874b49a615c112274a2d19e2149a420194aa428be36695268e
-
SHA512
746728a647cf3c4e8119158c753b5e4b18c53e14c562c06583872657078f25cf5b4323c08a6a1a00edb0bdca3e3db6b2cbb9bdc8e6272fb0c7960ed8602e2484
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-