General
-
Target
b362b04b04ba2eb1d6666833ce0202d6a5e67039df6168abb5481136d89d858c
-
Size
440KB
-
Sample
220521-bj9l6sfacn
-
MD5
55a77f633170600a8e5a7bb40438c53e
-
SHA1
a2f59b9d2de69bd7f0caf155c0f77d164eccc47a
-
SHA256
b362b04b04ba2eb1d6666833ce0202d6a5e67039df6168abb5481136d89d858c
-
SHA512
f17192abdbe159b4e211f04b52c34e849b35f9a1aab18af87d8584993604980340962a3e4abf956aff3aafa805f385b7776dd7e57441064b5c2347b0749be90d
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.aravaliauto.com - Port:
587 - Username:
[email protected] - Password:
aravali66
Targets
-
-
Target
ADVICE OF DEBIT - BANK CONFIDENTIAL-pdf.exe
-
Size
451KB
-
MD5
885f431f067ac0c3d53b71cdde50400c
-
SHA1
e414998afe9b6a135baae00c271c38f8b172428d
-
SHA256
4ab8fa3312a1bb877d9a7a363c8a36c0bf6e82c36458031ca46befa94b0e663d
-
SHA512
a38d325fe15e12e923b232dd1eb368639517323106bbf7e167681d7248c6b86acac5eba0c8cf62845c7533140d48a3abeb75b1a89422b0cb8501e150fd4e6841
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-